Opened 3 years ago

Closed 3 years ago

Last modified 18 months ago

#12195 closed defect (fixed)

Match channel and circid, not just circid

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: 0.2.5.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: 024-backport, tor-relay, 025-triaged, 2016-bug-retrospective
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In one or two places in the code, we try to tell which circuit a cell is on doing something like:

  if (!CIRCUIT_IS_ORIGIN(circ) &&
      cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) {

But that's wrong! There is no reason at all a circuit cannot have p_circ_id == n_circ_id.

Child Tickets

Change History (9)

comment:1 Changed 3 years ago by nickm

Component: - Select a componentTor

comment:2 Changed 3 years ago by nickm

New record for "oldest bug in tor". Branch to fix it in "bug12195". It would make any circuits affected by it (roughly one in a million with narrow circuit IDs) completely nonfunctional, since all of their inbound cells relay cells would have been misidentified as outbound.

comment:3 Changed 3 years ago by nickm

Status: newneeds_review

comment:4 Changed 3 years ago by nickm

Keywords: 025-triaged added

comment:5 Changed 3 years ago by andrea

This branch looks fine to me. Recommend merge.

comment:6 Changed 3 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Merged!

comment:7 Changed 18 months ago by nickm

Keywords: 2016-bug-retrospective added

Mark bugs for 2016 bug retrospective based on hand-examination of changelogs for 0.2.5 onwards.

comment:8 Changed 18 months ago by nickm

Mark bugs for 2016 bug retrospective based on hand-examination of changelogs for 0.2.5 onwards.

comment:9 Changed 18 months ago by nickm

Mark bugs for 2016 bug retrospective based on hand-examination of changelogs for 0.2.5 onwards.

Note: See TracTickets for help on using tickets.