author | David Goulet <dgoulet@torproject.org> | 2021-01-29 14:40:56 -0500 |
committer | David Goulet <dgoulet@torproject.org> | 2021-01-29 14:40:56 -0500 |
commit | ec9575944ac780d67bd36c0e6e64ddcebcdadeb3 (patch) | |
tree | c8b97942328b2f833c6577538947276db7614394 /src/core/or/connection_edge.c | |
parent | e50469299b36c6fd84881c8095144ca98ff4ada2 (diff) | |
parent | 46efbcb116b70f417c9e4241e4480688169b1813 (diff) | |
download | tor-ec9575944ac780d67bd36c0e6e64ddcebcdadeb3.tar.gz tor-ec9575944ac780d67bd36c0e6e64ddcebcdadeb3.zip |
Merge branch 'maint-0.4.5'
Diffstat (limited to 'src/core/or/connection_edge.c')
-rw-r--r-- | src/core/or/connection_edge.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index b2390e4f04..d181cd35b3 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -4263,6 +4263,30 @@ connection_exit_connect(edge_connection_t *edge_conn)
     return;
   }
 
+  /* Next, check for attempts to connect back into the Tor network. We don't
+   * want to allow these for the same reason we don't want to allow
+   * infinite-length circuits (see "A Practical Congestion Attack on Tor Using
+   * Long Paths", Usenix Security 2009). See also ticket 2667.
+   *
+   * The TORPROTOCOL reason is used instead of EXITPOLICY so client do NOT
+   * attempt to retry connecting onto another circuit that will also fail
+   * bringing considerable more load on the network if so.
+   *
+   * Since the address+port set here is a bloomfilter, in very rare cases, the
+   * check will create a false positive meaning that the destination could
+   * actually be legit and thus being denied exit. However, sending back a
+   * reason that makes the client retry results in much worst consequences in
+   * case of an attack so this is a small price to pay. */
+  if (!connection_edge_is_rendezvous_stream(edge_conn) &&
+      nodelist_reentry_probably_contains(&conn->addr, conn->port)) {
+    log_info(LD_EXIT, "%s tried to connect back to a known relay address. "
+             "Closing.", connection_describe(conn));
+    connection_edge_end(edge_conn, END_STREAM_REASON_TORPROTOCOL);
+    circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
+    connection_free(conn);
+    return;
+  }
+
 #ifdef HAVE_SYS_UN_H
   if (conn->socket_family != AF_UNIX) {
 #else
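Review bot: The block comment introducing the reentry check reads awkwardly in its second and third paragraphs ("so client do NOT attempt to retry", "bringing considerable more load", "much worst consequences"), which matters because this comment is the only place the security rationale for choosing END_STREAM_REASON_TORPROTOCOL over EXITPOLICY is recorded. Suggested rewording of the second paragraph: `The TORPROTOCOL reason is used instead of EXITPOLICY so that clients do NOT retry on another circuit, which would also fail and put considerably more load on the network.`, and of the last sentence: `However, sending back a reason that makes the client retry has much worse consequences under attack, so this is a small price to pay.` The end/detach/free/return sequence here appears to repeat the exit-policy rejection path just above this hunk (inferred from the context lines; that earlier block and the rest of connection_exit_connect lie outside the hunk), so a small static helper taking the end reason would keep the two rejection paths from drifting apart. Since the address set is a bloom filter, operators may also find it useful to have these rejections counted, not just logged at info level, so a sudden spike is visible without log scraping.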