Opened 11 years ago

Last modified 7 years ago

#840 closed defect (Fixed)

Should Hidden Service answer if a wrong 'begin' cell?

Reported by: rovv Owned by:
Priority: Low Milestone:
Component: Core Tor/Tor Version: 0.2.0.31
Severity: Keywords:
Cc: rovv, nickm, karsten Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

After fix of 444, HS not anymore closing circuits if a wrong 'begin'
cells received. However they never sended 'RELAY_END' cells also.
So well-behaved clients don't known if problems happened.

On other hand, if HS answers then attacker can measure latency
(bad 'begin' <-> 'end' cell) on Tor-level so long as he want. (just IMO)

if HS should answer, then a fix:

--- connection_edge.original.c Mon Sep 29 19:20:02 2008
+++ connection_edge.c Mon Oct 20 15:34:18 2008
@@ -2566,7 +2566,7 @@

n_stream->_base.port);

end_payload[0] = END_STREAM_REASON_EXITPOLICY;
relay_send_command_from_edge(rh.stream_id, circ, RELAY_COMMAND_END,

  • end_payload, 1, NULL);

+ end_payload, 1, origin_circ->cpath->prev);

connection_free(TO_CONN(n_stream));
tor_free(address);
return 0;

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (3)

comment:1 Changed 11 years ago by nickm

Looks good; applied as 17137.

comment:2 Changed 11 years ago by nickm

flyspray2trac: bug closed.

comment:3 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.