[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses

#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.1.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  unspecified
 Severity:  Normal                               |     Resolution:
 Keywords:  prop224, relay-safety,               |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406    |
Parent ID:  #17945                               |         Points:  0.3
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by dgoulet):

 * status:  needs_review => needs_revision


Comment:

 Some comments:

 * We should break this assert() in two different ones else if triggered,
 we won't know which condition triggered it:

 {{{
 +  /* A clever compiler might complain this is always true */
 +  tor_assert(TO_CONN(conn) && TO_CONN(conn)->linked);
 }}}

 * How do we know that this is a `one-hop` circuit with this condition?

 {{{
 +  /* Well, we won't be sending anything back on that, will we?
 +   * (Avoid giving the wrong answer because state has been reset.) */
 +  if (TO_CONN(conn)->linked_conn_is_closed ||
 +      !l_conn || l_conn->marked_for_close) {
 +    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 +           "Refusing %s one-hop encrypted directory connection.",
 +           TO_CONN(conn)->linked_conn_is_closed ? "closed linked" :
 +           !l_conn ? "NULL linked" : "marked for closed linked");
 +    return 0;
 +  }
 }}}

  Same goes with these condition later:

 {{{
 +  if (BUG(!exitconn) || !exitconn->on_circuit) {
 [...]
 +  if (BUG(!orcirc) || !orcirc->p_chan) {
 }}}

 * Would using `CIRCUIT_IS_ORCIRC()` me more appropriate here?

 {{{
 +  /* We should always be using an OR circuit */
 +  if (BUG(exitconn->on_circuit->purpose != CIRCUIT_PURPOSE_OR)) {
 +    return 0;
 +  }
 }}}

 * I'm unclear on where this is checked? Maybe it's done through some
 indirect checks that I haven't spotted but is there a way you can know
 that with an `or_circuit_t` ?

 {{{
 + * For client circuits via relays, this is true for 2-hop or greater
 paths,
 + * for client circuits via bridges, this is true for 3-hop or greater
 paths.
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22688#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs