[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5603 [Tor Client]: get_configured_bridge_by_addr_port_digest is not robust (was: tor doesn't notice some Bridge line edits after SIGHUP)

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5603 [Tor Client]: get_configured_bridge_by_addr_port_digest is not robust (was: tor doesn't notice some Bridge line edits after SIGHUP)
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 11 May 2012 13:42:37 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 11 May 2012 09:42:50 -0400
In-reply-to: <043.2ef7193fb7965e6508bb6cca4e125ebb@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.2ef7193fb7965e6508bb6cca4e125ebb@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5603: get_configured_bridge_by_addr_port_digest is not robust
------------------------+---------------------------------------------------
 Reporter:  asn         |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  major       |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by asn):

 I've been kinda hesitant in fixing this, because
 `get_configured_bridge_by_addr_port_digest()` is a popular function, and
 I'm afraid that I might break stuff. For example, it's called when adding
 bridges from the config, when we learn a new identity digest for a bridge,
 when we add a bridge to the routerlist, etc..

 `get_configured_bridge_by_addr_port_digest()` doesn't have a well-defined
 interface or behavior either. For example, some interesting things about
 the function:

 a) It seems that all its arguments are optional. If an addrport is
 '''not''' given, but a digest is given and it matches the digest of a
 configured bridge, the configured bridge is returned. Similarly, if a
 digest is '''not''' given, but the addrport can match a configured bridge,
 the configured bridge is returned.

 b) If '''all''' arguments are provided (addr, port '''and''' digest), if
 the given digest matches a configured bridge's digest, the configured
 bridge is returned, even if the addrport doesn't match. The same is not
 true, if the digests don't match but the addrports match.

 c) If an addrport and digest are given, and a configured bridge
 '''doesn't''' have a stored digest but its addrport matches the provided
 addrport, the configured bridge is returned.

 I'm not sure which of the above properties are bugs and which are design
 choices (for example, `learned_router_identity()` seems to use c)), but
 it's hard to fix this ticket without a well defined interface/behavior.

 To minimize the breakage, maybe we can teach
 `get_configured_bridge_by_addr_port_digest()` about pluggable transports
 in 0.2.3, and then refactor it in 0.2.4. Note that this would not solve
 bugs like ''b) If a bridge has a fingerprint and it remains the same, but
 its address/port changes, tor won't notice it.'' in
 `bridge_add_from_config()`.

 Teaching the function about PTs would involve adding a `const char
 *transport` argument to the function. `transport` should be optional: if
 it's not given, we still return bridges that match the other given
 arguments. If `transport` is given, we '''don't''' return bridges that
 match the other arguments but have a different `transport`.

 Refactoring the function would involve specifying exactly what the
 function expects as arguments, and how it treats its arguments. We should
 also see if a single function can handle all our use cases, and whether we
 need to split it into multiple functions with different logic.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5603#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #5830 [Analysis]: Write stream/circ event parser to track circuit use
Next by Author: Re: [tor-bugs] #5467 [Tor bundles/installation]: Change TBB main toolbar menu button color, text & icon
Previous by thread: Re: [tor-bugs] #5831 [HTTPS Everywhere: Chrome]: Valve/Steam rule typo
Next by thread: [tor-bugs] #5832 [Atlas]: Indefinite wait in relay no longer exists
Index(es):
- Author
- Thread