Opened 9 years ago

Closed 9 years ago

Last modified 8 years ago

#3540 closed defect (implemented)

Limit the number of non-open general circuits

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-client
Cc: Actual Points:
Parent ID: #1865 Points:
Reviewer: Sponsor:


With some proposal 171 options, it's pretty easy for an ill-conceived configuration and a/or a hostile application/server combination to provoke a huge number of circuits. For example, if the user foolishly chooses IsolateDestAddr or IsolateDestPort on a port that they then use for web browsing, a hostile webpage can trivially make Tor try connections to an arbitrarily large number of addresses, or to every possible port.

We could say "Don't do that then", but there's always some genius who wants to ship a "sooper secure" bundle with all the options turned on. So instead, let's have an option to limit the number of general circuits that can be in a "building" state at a time.

This should have a reasonably safe default and a reasonably high maximum.

Child Tickets

Change History (4)

comment:1 Changed 9 years ago by nickm

Status: newneeds_review

Now implemented in prop171. The implementation might not be so efficient, but it should get less bad later when we split circuit_list into one for or_circuits and one for origin_circuits.

comment:2 Changed 9 years ago by nickm

Resolution: implemented
Status: needs_reviewclosed

comment:3 Changed 8 years ago by nickm

Keywords: tor-client added

comment:4 Changed 8 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.