Opened 8 months ago

Closed 6 months ago

#21007 closed defect (fixed)

guard: circuit_send_next_onion_skin(): Bug: 3-hop circuit <ptr> with purpose 18 has no guard state

Reported by: dgoulet
Owned by: nickm
Priority: High
Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor
Version: Tor: 0.3.0.3-alpha
Severity: Normal
Keywords: tor-guard, review-group-16
Cc:
Actual Points: 0
Parent ID:
Points:
Reviewer: asn
Sponsor:

Description

Got 7 of those in rapid succession just after self test was done.

 16:43:58 [WARN] circuit_send_next_onion_skin(): Bug: 3-hop circuit <ptr> with purpose 18 has no guard state (on Tor 0.3.0.0-alpha-dev 4ec9751c144465f6) 

At commit 4ec9751c144465f6

Change History (14)

comment:1 Changed 8 months ago by nickm

Owner: set to nickm
Status: new → accepted

I think this has maybe something to do with the fact that hidden-service-descriptor fetching circuits are cannibalized?

Or maybe it never got a guard. If so, that's bad.

comment:2 Changed 8 months ago by nickm

Priority: Medium → High

comment:3 Changed 8 months ago by nickm

Oh. "Just after self test was done." This is on a relay!

comment:4 Changed 8 months ago by nickm

Status: accepted → needs_review

bug21007 is a very short fix here.

comment:5 Changed 8 months ago by nickm

Merged! Still needs review though. The commit is c468df3961739720337baa6cc01da23aa8520712

comment:6 Changed 8 months ago by asn

Resolution: fixed
Status: needs_review → closed

Fix looks good. Closing the ticket.

The fix slightly adds more complexity to that already complex function, so I opened another follow-up ticket for cleaning it up a bit (#21039).

comment:7 Changed 6 months ago by toralf

This happened immediately after I rebooted into the new Gentoo hardened kernel 4.9.10 (was 4.9.9 before) today:

mr-fox ~ # cat /tmp/notice.log 
Feb 18 17:09:11.000 [notice] Tor 0.3.0.3-alpha (git-bb2ea3642d54ff03) opening new log file.
Feb 18 17:09:11.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Feb 18 17:09:12.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Feb 18 17:09:12.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Feb 18 17:09:12.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.
Feb 18 17:09:12.000 [notice] Your Tor server's identity key fingerprint is 'zwiebeltoralf 1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA'
Feb 18 17:09:12.000 [notice] Bootstrapped 0%: Starting
Feb 18 17:09:26.000 [notice] Starting with guard context "default"
Feb 18 17:09:26.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Feb 18 17:09:26.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent.
Feb 18 17:09:27.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Feb 18 17:09:27.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Feb 18 17:09:27.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Feb 18 17:09:27.000 [notice] Bootstrapped 100%: Done
Feb 18 17:10:26.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent. Publishing server descriptor.
Feb 18 17:10:27.000 [notice] Performing bandwidth self-test...done.
Feb 18 17:10:30.000 [warn] circuit_send_next_onion_skin(): Bug: 3-hop circuit 0x485494c780 with purpose 13 has no guard state (on Tor 0.3.0.3-alpha bb2ea3642d54ff03)
Feb 18 17:39:00.000 [notice] New control connection opened from 127.0.0.1.

comment:8 Changed 6 months ago by toralf

Resolution: fixed
Status: closed → reopened

comment:9 Changed 6 months ago by teor

Version: Tor: 0.3.0.3-alpha

comment:10 Changed 6 months ago by nickm

Actual Points: 0
Status: reopened → needs_review

Okay, that's different. That says "with purpose 13".

Purpose 13 is CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT.

I've written up a possible fix as bug21007_case2_030. Please review?
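
Added example (not part of the ticket and not Tor project code): a small log triage script that groups the "has no guard state" warning by circuit purpose, which is how the two reports in this ticket were told apart. The regex is derived from the two log lines quoted above; the names `triage`, `NO_GUARD_STATE` and `PURPOSE_NAMES` are assumptions made for this example.

```python
import re
from collections import defaultdict

# Matches the warning text quoted in this ticket. The circuit is logged either
# as a raw pointer (0x...) or as the scrubbed placeholder "<ptr>".
NO_GUARD_STATE = re.compile(
    r"circuit_send_next_onion_skin\(\): Bug: (?P<hops>\d+)-hop circuit "
    r"(?P<circ><ptr>|0x[0-9a-fA-F]+) with purpose (?P<purpose>\d+) "
    r"has no guard state \(on Tor (?P<version>\S+) (?P<commit>[0-9a-f]+)\)"
)

# Only the purpose name stated in the ticket is listed; others stay numeric.
PURPOSE_NAMES = {13: "CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT"}

# Sample input: the two warnings from this ticket plus one unrelated notice.
SAMPLE = [
    "16:43:58 [WARN] circuit_send_next_onion_skin(): Bug: 3-hop circuit <ptr> with purpose 18 has no guard state (on Tor 0.3.0.0-alpha-dev 4ec9751c144465f6)",
    "Feb 18 17:10:27.000 [notice] Performing bandwidth self-test...done.",
    "Feb 18 17:10:30.000 [warn] circuit_send_next_onion_skin(): Bug: 3-hop circuit 0x485494c780 with purpose 13 has no guard state (on Tor 0.3.0.3-alpha bb2ea3642d54ff03)",
]


def triage(lines):
    """Group 'no guard state' warnings by circuit purpose.

    Returns {purpose: {"name": str, "count": int, "builds": {(version, commit)}}}.
    A purpose showing up only on builds that already contain a fix is a
    separate case, not a regression of the earlier one.
    """
    groups = defaultdict(lambda: {"count": 0, "builds": set()})
    for line in lines:
        m = NO_GUARD_STATE.search(line)
        if m is None:
            continue  # not this warning
        purpose = int(m.group("purpose"))
        entry = groups[purpose]
        entry["name"] = PURPOSE_NAMES.get(purpose, f"purpose {purpose}")
        entry["count"] += 1
        entry["builds"].add((m.group("version"), m.group("commit")))
    return dict(groups)


if __name__ == "__main__":
    for purpose, info in sorted(triage(SAMPLE).items()):
        print(purpose, info["name"], info["count"], sorted(info["builds"]))
```
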

comment:11 Changed 6 months ago by nickm

Keywords: review-group-16 added

comment:12 Changed 6 months ago by nickm

Reviewer: asn

comment:13 Changed 6 months ago by asn

Status: needs_review → merge_ready

Patch looks good to me :)

comment:14 Changed 6 months ago by nickm

Resolution: fixed
Status: merge_ready → closed

Merging!
