Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#6866 closed defect (fixed)

pathbias_count_first_hop(): Bug: circuitbuild.c:2650

Reported by: fob
Owned by: mikeperry
Priority: High
Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor
Version: Tor: 0.2.3.21-rc
Severity:
Keywords: MikePerry201209 tor-client
Cc: mikeperry
Actual Points: 3
Parent ID:
Points:
Reviewer:
Sponsor:

Description

I installed Tor 0.2.3.22-rc yesterday and after a few hours it crashes with this error.

Sep 16 22:35:52.000 [err] pathbias_count_first_hop(): Bug: circuitbuild.c:2650: pathbias_count_first_hop: Assertion circ->build_state->desired_path_len == 1 failed; aborting.

I am using Tor in tor2web mode on a CentOS 5.7 VPS with 1GB ram.

Full log:

Sep 16 13:30:54.000 [notice] Tor 0.2.3.22-rc (git-213ba1a70b41ea97) opening log file.
Sep 16 13:30:54.000 [warn] This copy of Tor was compiled to run in a non-anonymous mode. It will provide NO ANONYMITY.
Sep 16 13:30:54.000 [notice] Parsing GEOIP file /usr/local/share/tor/geoip.
Sep 16 13:30:55.000 [notice] No AES engine found; using AES_* functions.
Sep 16 13:30:55.000 [notice] This version of OpenSSL has a slow implementation of counter mode; not using it.
Sep 16 13:30:55.000 [notice] OpenSSL OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 [90802f] looks like it's older than 0.9.8l, but some vendors have backported 0.9.8l's renegotiation code to earlier versions, and some have backported the code from 0.9.8m or 0.9.8n. I'll set both SSL3_FLAGS and SSL_OP just to be safe.
Sep 16 13:30:55.000 [notice] Reloaded microdescriptor cache. Found 3291 descriptors.
Sep 16 13:30:55.000 [notice] We now have enough directory information to build circuits.
Sep 16 13:30:55.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
Sep 16 13:30:56.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 2 circuits open. I've sent 0 kB and received 0 kB.
Sep 16 13:30:56.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Sep 16 13:30:56.000 [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
Sep 16 13:30:56.000 [notice] To correct this, use a more recent OpenSSL, built without disabling any secure ciphers or features.
Sep 16 13:30:56.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Sep 16 13:31:02.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Sep 16 13:31:02.000 [notice] Bootstrapped 100%: Done.
Sep 16 19:30:56.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 3 circuits open. I've sent 64.01 MB and received 15.06 MB.
Sep 16 22:35:52.000 [err] pathbias_count_first_hop(): Bug: circuitbuild.c:2650: pathbias_count_first_hop: Assertion circ->build_state->desired_path_len == 1 failed; aborting.

My torrc is default except for the following lines.
Tor2WebMode 1
CircuitBuildTimeout 10

P.S. Tor with tor2webmode on won't work at all unless I put in the CircuitBuildTimeout line, it seems to default to 0 seconds which makes every connection time out instantly.


Change History (14)

comment:1 in reply to:  description Changed 7 years ago by rransom

Milestone: Tor: 0.2.3.x-final
Priority: normal → major

Replying to fob:

I installed Tor 0.2.3.22-rc yesterday and after a few hours it crashes with this error.

Sep 16 22:35:52.000 [err] pathbias_count_first_hop(): Bug: circuitbuild.c:2650: pathbias_count_first_hop: Assertion circ->build_state->desired_path_len == 1 failed; aborting.

From pathbias_count_first_hop in src/or/circuitbuild.c:

  /* Completely ignore one hop circuits */
  if (circ->build_state->onehop_tunnel) {
    tor_assert(circ->build_state->desired_path_len == 1);
    return 0;
  }

I see no reason for a piece of code which claims to only attempt to detect path-bias attacks to contain this assertion. Someone will have to review that code to check for other inappropriate assertions as well before 0.2.3.x becomes ‘stable’.

My torrc is default except for the following lines.
Tor2WebMode 1
CircuitBuildTimeout 10

P.S. Tor with tor2webmode on won't work at all unless I put in the CircuitBuildTimeout line, it seems to default to 0 seconds which makes every connection time out instantly.

That's #6304.

comment:2 Changed 7 years ago by nickm

Cc: mikeperry added

comment:3 Changed 7 years ago by mikeperry

Keywords: MikePerry201209 added
Owner: set to mikeperry
Status: new → assigned

Whee. How is it we're building onehop tunnels with something other than 1 desired hop, I wonder..

rransom: The problem we face with this code is that weird codepaths like this might be possible to exploit to jack up the counts on either side of the accounting and thus either force the user to rotate off their guards, or induce them into staying longer with malicious guards. That's why I added the LD_BUG loglines on other codepaths. In this case it seemed "clear" that we should "never" violate that condition, so I added the assert..

I checked for other asserts using git blame for me. In this code, I only added this assert, and a matching one on pathbias_count_success().

Should I change them to LD_BUG notice logs for 0.2.4.x, and LD_BUG info lines for 0.2.3.x? I can also add a tor_fragile_assert() instead, I guess, though that seems to always do nothing.

comment:4 in reply to:  3 Changed 7 years ago by nickm

Replying to mikeperry:

Whee. How is it we're building onehop tunnels with something other than 1 desired hop, I wonder..

I would suspect that it has something to do with using Tor2Web mode. The coincidence otherwise would be pretty startling.

[...]

Should I change them to LD_BUG notice logs for 0.2.4.x, and LD_BUG info lines for 0.2.3.x? I can also add a tor_fragile_assert() instead, I guess, though that seems to always do nothing.

That sounds like a plan, though an even better plan would involve figuring out why it's happening, so it can get fixed.

comment:5 Changed 7 years ago by mikeperry

I spent a little time looking at the Tor2web codepaths. I'm still not 100% clear where it is picking up the extra hop in normal operation. As far as I can tell, tor2web circuits should only be 1 hop, should not be possible to cannibalize, and there should be no client activity allowed other than tor2web's one-hop hidden service client traffic.

fob: Did you hack your tor source code to do anything special other than enabling tor2web mode?

comment:6 in reply to:  5 Changed 7 years ago by rransom

Replying to mikeperry:

I spent a little time looking at the Tor2web codepaths. I'm still not 100% clear where it is picking up the extra hop in normal operation. As far as I can tell, tor2web circuits should only be 1 hop, should not be possible to cannibalize,

If a hidden service client fails to introduce to a hidden service (or times out) at one of the service's introduction points, the hidden-service client code will extend the introduction circuit by one hop to the next introduction point it chooses. (This is a big win for non-tor2web-mode HS clients.)

and there should be no client activity allowed other than tor2web's one-hop hidden service client traffic.

tor2web mode does not prevent the user from operating a hidden service with that Tor instance. (The service-side part of a hidden service is client-ish enough to build circuits.)

Perhaps it should prevent users from operating hidden services, and turn off UseEntryGuards (as I understand it, this would disable the path-bias detection code). They're not getting anonymity anyway.
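Added illustration, not Tor's code: a constructed C model (struct and field names taken from the excerpt in comment 1, the counters and helper functions are hypothetical) of the log-and-ignore handling proposed in comment 3 in place of the tor_assert(), exercised against the retried one-hop introduction circuit described above.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-ins for Tor's build_state/circuit structs (field names from the
 * ticket's excerpt; everything else here is a constructed model). */
typedef struct { bool onehop_tunnel; int desired_path_len; } build_state_t;
typedef struct { build_state_t *build_state; } circuit_t;

/* Hypothetical path-bias counters. */
typedef struct { int first_hops; int bugs_logged; } pathbias_t;

/* Hardened variant of the excerpt: the original tor_assert() aborted the whole
 * daemon when a one-hop tunnel had desired_path_len != 1. Here the
 * inconsistent state is logged (stand-in for log_info(LD_BUG, ...)) and the
 * circuit is still ignored, so it cannot move the guard accounting either way.
 * Returns 1 if the circuit was counted, 0 if ignored. */
int pathbias_count_first_hop_safe(pathbias_t *pb, const circuit_t *circ) {
  if (circ->build_state->onehop_tunnel) {
    if (circ->build_state->desired_path_len != 1) {
      pb->bugs_logged++;
      fprintf(stderr, "Bug: onehop tunnel with desired_path_len == %d\n",
              circ->build_state->desired_path_len);
    }
    return 0;  /* completely ignore one-hop circuits */
  }
  pb->first_hops++;
  return 1;
}

/* Sequence from comment 6: a one-hop introduction circuit is retried and
 * extended by one hop to the next introduction point. Returns how many of
 * the two calls were counted; *bugs_out receives the number of LD_BUG logs. */
int simulate_extended_onehop(int *bugs_out) {
  pathbias_t pb = {0, 0};
  build_state_t bs = { .onehop_tunnel = true, .desired_path_len = 1 };
  circuit_t circ = { .build_state = &bs };
  int counted = pathbias_count_first_hop_safe(&pb, &circ);
  bs.desired_path_len = 2;  /* extension to the next introduction point */
  counted += pathbias_count_first_hop_safe(&pb, &circ);
  *bugs_out = pb.bugs_logged;
  return counted;  /* 0: neither call touched the guard accounting */
}

/* Ordinary 3-hop client circuit: counted once, no bug logged. */
int simulate_normal_circuit(int *bugs_out) {
  pathbias_t pb = {0, 0};
  build_state_t bs = { .onehop_tunnel = false, .desired_path_len = 3 };
  circuit_t circ = { .build_state = &bs };
  int counted = pathbias_count_first_hop_safe(&pb, &circ);
  *bugs_out = pb.bugs_logged;
  return counted;  /* 1 */
}
```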

comment:7 in reply to:  5 Changed 7 years ago by fob

Replying to mikeperry:

fob: Did you hack your tor source code to do anything special other than enabling tor2web mode?

Nope, no changes except for ./configure --enable-tor2web-mode and add those two lines to the torrc.

comment:8 Changed 7 years ago by mikeperry

Actual Points: 3
Status: assigned → needs_review

Ok, see mikeperry/bug6866-0.2.3 and mikeperry/bug6866-master for patches against maint-0.2.3 and master, respectively. The master branch also disables guard nodes as per rransom's suggestion.

comment:9 Changed 7 years ago by nickm

The "don't use guards with tor2web" thing is now #6888, so the changes file has something to talk about. I just read the branches; they look okay. if they still look okay once I've read them again, I'll update the changes file to mention #6888 and merge.

comment:10 Changed 7 years ago by nickm

Resolution: fixed
Status: needs_review → closed

Merged the 0.2.3 one into maint-0.2.3, then did a simple patch on master to convert it back to notice, then cherry-picked the commit for #6888.

comment:11 Changed 7 years ago by rransom

Resolution: fixed
Status: closed → reopened

The comment explaining why entry guards should be disabled when tor2web mode is active is bogus. Also, it should warn more loudly if the user has configured any hidden services.

comment:12 in reply to:  11 Changed 7 years ago by rransom

Resolution: fixed
Status: reopened → closed

Replying to rransom:

The comment explaining why entry guards should be disabled when tor2web mode is active is bogus. Also, it should warn more loudly if the user has configured any hidden services.

Wrong ticket.

comment:13 Changed 7 years ago by nickm

Keywords: tor-client added

comment:14 Changed 7 years ago by nickm

Component: Tor Client → Tor