Opened 10 months ago

Last modified 2 months ago

#26806 accepted defect

Check if Tor clients sometimes send duplicate cells on rendezvous circuits: Possible replay detected! An INTRODUCE2 cell with thesame ENCRYPTED section was seen

Reported by: s7r
Owned by: dgoulet
Priority: High
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-hs
Cc: asn
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

As my v3 onion service is getting more and more popular, I started to get:

[warn] Possible replay detected! An INTRODUCE2 cell with thesame ENCRYPTED section was seen 32 seconds ago. Dropping cell.

I am inclined to think that this is more like a bug in Tor, maybe due to a race condition, rather than a replay attack.

I also think this is what causes #15618 - dgoulet confirmed that the warning can be reproduced every time a second ESTABLISH_RENDEZVOUS is sent over the same circuit.

This can probably go away if we fix #21084. I am not sure if that should be a parent ticket here or not, please change if you feel like it. I think I still have yawning's tool and notes about how to reproduce #21084.

Change History (6)

comment:1 Changed 10 months ago by dgoulet

Cc: dgoulet removed
Milestone: Tor: unspecified → Tor: 0.3.5.x-final

Although in this case, tor would be sending twice the same INTRODUCE1 cell... There is a case where a tor client will send twice an INTRO cell which is when the initial intro request timed out (due to not receiving the intro ACK), then the client will resend an INTRO cell with the same rendezvous cookie. However, I believe we have a mechanism that prevents tor from picking that intro point again.

Thus I suspect we aren't flagging the timed out intro point correctly client side, leading to a possible double send on the same intro point (intro points are picked randomly by the client). I think in theory hs_cache_client_intro_state_note() is responsible for that and oops! it is only used if we get a NACK ... not on circuit timeout! Not looking like a regression, more likely we always had that problem.

Moving this to 035 so we can fix that.
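
The failure mode hypothesized in comment:1, as an added model that is neither Tor's code nor part of the ticket: if a timed-out intro point is not flagged, the client can pick it again and the service's replay check fires on the resend. The names `replay_check`, `pick_intro` and `simulate` are hypothetical, and the model assumes a resend carries identical ENCRYPTED bytes and that the service keeps one replay cache per intro point.

```c
#include <stdio.h>
#include <string.h>
#define N_INTRO 3   /* constructed: intro points in the descriptor */
#define CACHE_MAX 8
/* Service side: one replay cache per intro point, keyed on ENCRYPTED bytes. */
struct replay_cache { char enc[CACHE_MAX][32]; long when[CACHE_MAX]; int n; };
/* Returns -1 for a fresh cell, else seconds since the same bytes were seen. */
static long replay_check(struct replay_cache *c, const char *enc, long now) {
    for (int i = 0; i < c->n; i++)
        if (strcmp(c->enc[i], enc) == 0) return now - c->when[i];
    if (c->n < CACHE_MAX) {
        snprintf(c->enc[c->n], sizeof c->enc[c->n], "%s", enc);
        c->when[c->n++] = now;
    }
    return -1;
}

/* Client side: first intro point not flagged as failed. Real clients pick
 * randomly, so a repeat happens only sometimes; fixed order is deterministic. */
static int pick_intro(const int *failed) {
    for (int i = 0; i < N_INTRO; i++)
        if (!failed[i]) return i;
    return -1;
}

/* Two attempts 32 s apart (constructed). The cell reaches the service but the
 * ACK never arrives, so each attempt ends in a circuit timeout. */
int simulate(int note_on_timeout, long *age) {
    struct replay_cache caches[N_INTRO] = {0};
    int failed[N_INTRO] = {0}, replays = 0;
    const long times[2] = {0, 32};
    for (int a = 0; a < 2; a++) {
        int ip = pick_intro(failed);
        if (ip < 0) break;
        long seen = replay_check(&caches[ip], "same-ENCRYPTED-bytes", times[a]);
        if (seen >= 0) { replays++; *age = seen; }
        if (note_on_timeout) failed[ip] = 1; /* flag said to be missing on timeout */
    }
    return replays;
}

int main(void) {
    long age = -1;
    int r = simulate(0, &age);
    printf("timeout not noted: %d replay(s), %ld s apart\n", r, age);
    r = simulate(1, &age);
    printf("timeout noted: %d replay(s)\n", r);
    return 0;
}
```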

comment:2 Changed 8 months ago by dgoulet

Summary: Check if Tor clients sometiems send duplicate cells on rendezvous circuits: Possible replay detected! An INTRODUCE2 cell with thesame ENCRYPTED section was seen → Check if Tor clients sometimes send duplicate cells on rendezvous circuits: Possible replay detected! An INTRODUCE2 cell with thesame ENCRYPTED section was seen

comment:3 Changed 8 months ago by dgoulet

Owner: set to dgoulet
Status: new → accepted

comment:4 Changed 8 months ago by nickm

Priority: Medium → High

comment:5 Changed 7 months ago by dgoulet

Milestone: Tor: 0.3.5.x-final → Tor: unspecified

comment:6 Changed 2 months ago by mikeperry

#29699 looks like a dup of this