diff options
| author | David Goulet <dgoulet@torproject.org> | 2022-08-02 16:14:02 -0400 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2022-08-02 16:14:02 -0400 |
| commit | 487c47d556875ba405cecc88e6d6d0a0c304c4fb (patch) | |
| tree | bfdae0fa8742be82f94eec2ee74f0c71bdc1f7b6 | |
| parent | 0f9842a0d2018aef1d69f9cc66ae49e5e7fc2add (diff) | |
| parent | 5cc6ab0c1e21e6c410f28fcbe67876277dab633d (diff) | |
| download | tor-487c47d556875ba405cecc88e6d6d0a0c304c4fb.tar.gz tor-487c47d556875ba405cecc88e6d6d0a0c304c4fb.zip | |
Merge branch 'maint-0.4.6' into release-0.4.6
| -rw-r--r-- | changes/ticket40649 | 4 | ||||
| -rw-r--r-- | src/core/or/command.c | 11 |
2 files changed, 11 insertions, 4 deletions
diff --git a/changes/ticket40649 b/changes/ticket40649 new file mode 100644 index 0000000000..28df58f106 --- /dev/null +++ b/changes/ticket40649 @@ -0,0 +1,4 @@ + o Minor bugfixes (relay): + - Do not propagate either forward or backward a DESTROY remote reason when + closing a circuit so to avoid a possible side channel. Fixes bug 40649; + bugfix on 0.1.2.4-alpha. diff --git a/src/core/or/command.c b/src/core/or/command.c index c08b255914..9155f52aae 100644 --- a/src/core/or/command.c +++ b/src/core/or/command.c @@ -652,9 +652,11 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan) if (!CIRCUIT_IS_ORIGIN(circ) && chan == TO_OR_CIRCUIT(circ)->p_chan && cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) { - /* the destroy came from behind */ + /* The destroy came from behind so nullify its p_chan. Close the circuit + * with a DESTROYED reason so we don't propagate along the path forward the + * reason which could be used as a side channel. */ circuit_set_p_circid_chan(TO_OR_CIRCUIT(circ), 0, NULL); - circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE); + circuit_mark_for_close(circ, END_CIRC_REASON_DESTROYED); } else { /* the destroy came from ahead */ circuit_set_n_circid_chan(circ, 0, NULL); if (CIRCUIT_IS_ORIGIN(circ)) { @@ -662,9 +664,10 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan) } else { /* Close the circuit so we stop queuing cells for it and propagate the * DESTROY cell down the circuit so relays can stop queuing in-flight - * cells for this circuit which helps with memory pressure. */ + * cells for this circuit which helps with memory pressure. We do NOT + * propagate the remote reason so not to create a side channel. */ log_debug(LD_OR, "Received DESTROY cell from n_chan, closing circuit."); - circuit_mark_for_close(circ, reason | END_CIRC_REASON_FLAG_REMOTE); + circuit_mark_for_close(circ, END_CIRC_REASON_DESTROYED); } } } |