author: David Goulet <dgoulet@torproject.org> 2019-10-23 10:20:09 -0400
committer: David Goulet <dgoulet@torproject.org> 2019-10-24 08:50:01 -0400
commit: ed57a04a65a59ee744910a9db22a81359dac3491
tree: b6f269448559b3a9d7ecc2bd9fe46cc44d8c1800 /src/feature/hs
parent: d175e70817ccff01cd9eb73d8da9e306745fb469
hs-v3: Remove a BUG() caused by an acceptable race

hs_client_purge_state() and hs_cache_clean_as_client() can remove a descriptor from the client cache with a NEWNYM or simply when the descriptor expires.

Which means that for an INTRO circuit being established during that time, once it opens, we look up the descriptor to get the IP object but hey, surprise, no more descriptor.

The approach here is minimalist, that is, accept the race and close the circuit since we cannot continue. Before that, the circuit would stay opened and the client would wait for the SockTimeout.

Fixes #28970.

Signed-off-by: David Goulet <dgoulet@torproject.org>

Diffstat (limited to 'src/feature/hs')
-rw-r--r-- src/feature/hs/hs_client.c 8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 2a5765aec2..fd2d266453 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -672,8 +672,12 @@ setup_intro_circ_auth_key(origin_circuit_t *circ)
tor_assert(circ);
desc = hs_cache_lookup_as_client(&circ->hs_ident->identity_pk);
- if (BUG(desc == NULL)) {
- /* Opening intro circuit without the descriptor is no good... */
+ if (desc == NULL) {
+ /* There is a very small race window between the opening of this circuit
+ * and the client descriptor cache that gets purged (NEWNYM) or the
+ * cleaned up because it expired. Mark the circuit for close so a new
+ * descriptor fetch can occur. */
+ circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
goto end;
}
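
Review bot: with BUG() dropped, the `desc == NULL` branch now marks the circuit for close with END_CIRC_REASON_INTERNAL and logs nothing, so the race can no longer be seen in logs. Consider an info-level log line before circuit_mark_for_close() that says the descriptor was missing from the client cache when the intro circuit opened. The hunk also shows no way for the caller to learn that the circuit was marked for close, so it is worth confirming that nothing after `goto end`, or in the caller of setup_intro_circ_auth_key(), keeps using circ for the introduction. Minor: the new comment reads "or the cleaned up because it expired", which should be "or gets cleaned up because it expired".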