author | David Goulet <dgoulet@torproject.org> | 2018-09-20 09:32:13 -0400 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2018-09-21 08:44:12 -0400 |
commit | 79265a6fb606e416529f5a1dd31c94f15edec91b (patch) | |
tree | 98e2774b37dc671ef93a2af9a7125e293a1a9500 /src/feature/hs/hs_client.c | |
parent | 119159677be14351ebcae647d3988f4f2fd9eb72 (diff) | |

hs-v3: Don't BUG() if the RP node_t is invalid client side

When sending the INTRODUCE1 cell, we acquire the needed data for the cell but
if the RP node_t has invalid data, we'll fail the send and completely kill the
SOCKS connection.

Instead, close the rendezvous circuit and return a transient error meaning
that Tor can recover by selecting a new rendezvous point. We'll also do the
same when we are unable to encode the INTRODUCE1 cell for which at that point,
we'll simply take another shot at a new rendezvous point.

Fixes #27774

Signed-off-by: David Goulet <dgoulet@torproject.org>

Diffstat (limited to 'src/feature/hs/hs_client.c')
-rw-r--r-- | src/feature/hs/hs_client.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index a6384b87a3..441edc3247 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -576,10 +576,21 @@ send_introduce1(origin_circuit_t *intro_circ, /* Send the INTRODUCE1 cell. */ if (hs_circ_send_introduce1(intro_circ, rend_circ, ip, desc->subcredential) < 0) { - /* Unable to send the cell, the intro circuit has been marked for close so - * this is a permanent error. */ - tor_assert_nonfatal(TO_CIRCUIT(intro_circ)->marked_for_close); - goto perm_err; + if (TO_CIRCUIT(intro_circ)->marked_for_close) { + /* If the introduction circuit was closed, we were unable to send the + * cell for some reasons. In any case, the intro circuit has to be + * closed by the above function. We'll return a transient error so tor + * can recover and pick a new intro point. To avoid picking that same + * intro point, we'll note down the intro point failure so it doesn't + * get reused. */ + hs_cache_client_intro_state_note(service_identity_pk, + &intro_circ->hs_ident->intro_auth_pk, + INTRO_POINT_FAILURE_GENERIC); + } + /* It is also possible that the rendezvous circuit was closed due to being + * unable to use the rendezvous point node_t so in that case, we also want + * to recover and let tor pick a new one. */ + goto tran_err; } /* Cell has been sent successfully. Copy the introduction point |
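Review bot: the `goto tran_err` that ends the failure branch of `hs_circ_send_introduce1()` is now reached unconditionally, and nothing in this hunk checks that the rendezvous circuit was actually closed when `intro_circ` was not. The second comment states that the rendezvous circuit "was closed due to being unable to use the rendezvous point node_t", but that state is only inferred from the negative return value. If the callee can ever fail while leaving both circuits open, the transient error would send the caller back to retry with the same rendezvous point. The removed `tor_assert_nonfatal(TO_CIRCUIT(intro_circ)->marked_for_close)` was the only sanity check on this path. Consider replacing it with a non-fatal check, before the `goto`, that at least one of `intro_circ` or `rend_circ` is marked for close, or at minimum a log line recording which circuit failed. Two smaller points on the first comment: "the intro circuit has to be closed by the above function" reads as an unconditional guarantee although it sits inside `if (TO_CIRCUIT(intro_circ)->marked_for_close)`, and "for some reasons" could name the cases that are known (the commit message mentions failing to encode the INTRODUCE1 cell).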