Opened 13 months ago

Last modified 4 months ago

#23790 merge_ready defect

rend_service_prune_list_impl_() doesn't copy over desc_is_dirty when copying intro points

Reported by: jl Owned by: dgoulet
Priority: Medium Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor Version: Tor: 0.3.1.7
Severity: Normal Keywords: 029-backport, 031-unreached-backport
Cc: asn Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In rend_service_prune_list_impl_(void) (src/or/rendservice.c), the introduction points are copied over from the old to new rend_service_t:

smartlist_add_all(new->intro_nodes, old->intro_nodes);

but, the desc_is_dirty field is not copied over.

If a reload occurs between after a hidden service is added, but before its descriptor is published for the first time (triggered via desc_is_dirty), it will not publish its first descriptor until:

rendinitialpostdelay + crypto_rand_int(2*rendpostperiod)

It looks like it's simply missing new->desc_is_dirty = old->desc_is_dirty; prior to copying of introduction points.

Child Tickets

Change History (7)

comment:1 Changed 13 months ago by nickm

Cc: asn dgoulet added
Keywords: 031-backport added
Milestone: Tor: 0.3.2.x-final

comment:2 Changed 12 months ago by dgoulet

Cc: dgoulet removed
Owner: set to dgoulet
Status: newaccepted

comment:3 Changed 12 months ago by dgoulet

Keywords: 029-backport added
Status: acceptedneeds_review

I've actually extended this to a bit more data that needed to be copied from the old service to the new service object. I'm also flagging this for to be considered maybe for 029-backport, if we do want 031 and 029 backport, I'll based the fix on those branch if we decide to.

Branch: bug23790_032_01

This is a nice find, it goes back up to 021. Thanks jl!

Last edited 12 months ago by dgoulet (previous) (diff)

comment:4 Changed 12 months ago by nickm

Milestone: Tor: 0.3.2.x-finalTor: 0.3.1.x-final
Status: needs_reviewmerge_ready

Merged to 0.3.2 and forward; marking for possible backport.

comment:5 Changed 8 months ago by nickm

Is this bug bad enough to be worth backporting? The fix seems comparably safe.

comment:6 Changed 4 months ago by nickm

Milestone: Tor: 0.3.1.x-finalTor: 0.2.9.x-final

comment:7 Changed 4 months ago by teor

Keywords: 031-unreached-backport added; 031-backport removed

0.3.1 is end of life, there are no more backports.
Tagging with 031-unreached-backport instead.

Note: See TracTickets for help on using tickets.