Opened 7 years ago

Closed 7 years ago

#6167 closed defect (worksforme)

Possible assertion failure in connection_ap_handshake_attach_circuit()

Reported by: nickm Owned by:
Priority: High Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-hs
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Vektor reports that an AdvOR user reported a failure of the assertion

tor_assert(introcirc->_base.purpose ==  CIRCUIT_PURPOSE_C_INTRODUCING); 

in connection_ap_handshake_attach_circuit().

His fix is to replace the test in circuit_is_acceptable() so that CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT circuits can no longer get returned.

We should investigate. Filing for 0.2.2 since ISTR that's what AdvOR is tracking.

Child Tickets

Change History (8)

comment:1 Changed 7 years ago by arma

Our friendly irc person points out: if someone decide to reuse circuit CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT using EXTENDCIRCUIT command over controlport then it can trigger the assert. Sounds like a good reason to at least back away from asserting. (May or may not be the bug originally experienced. Probably isn't.)

comment:2 in reply to:  1 Changed 7 years ago by rransom

Replying to arma:

Our friendly irc person points out: if someone decide to reuse circuit CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT using EXTENDCIRCUIT command over controlport then it can trigger the assert. Sounds like a good reason to at least back away from asserting.

Sounds like a good reason to make EXTENDCIRCUIT refuse to mung HS-related circuits; it certainly can't do anything useful with them.

comment:3 Changed 7 years ago by nickm

I'm with rransom on the correct solution to the death-by-controller issue, though I'm not so sure a controller was involved in this case.

comment:4 Changed 7 years ago by rransom

I couldn't figure out a way for this assertion failure to occur in Tor 0.2.2.x or 0.2.3.x. boboper couldn't figure out a way for it to occur in Tor, and found suspicious changes in ‘AdvOR’.

The code having to do with intro_going_on_but_too_old in circuit_get_best seems bogus, but I don't see how it could cause this bug, and boboper thinks it's innocent here too.

comment:5 Changed 7 years ago by nickm

Milestone: Tor: 0.2.2.x-finalTor: 0.2.4.x-final

We should take one last look at this then close the ticket.

comment:6 Changed 7 years ago by nickm

Keywords: tor-hs added

comment:7 Changed 7 years ago by nickm

Component: Tor Hidden ServicesTor

comment:8 Changed 7 years ago by nickm

Resolution: worksforme
Status: newclosed

Okay; it really does seem that this isn't our bug. Closing.

Note: See TracTickets for help on using tickets.