author | David Goulet <dgoulet@torproject.org> | 2017-08-23 11:15:25 -0400 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2017-08-24 13:03:28 -0400 |
commit | 954f663831622f281ece83519552f91cd0fdda72 (patch) | |
tree | f6cc0321ff3b1b63ec121a33e45ee7d960718eb9 /src/or/hs_client.c | |
parent | 5f94c4a0f17403060d5030fab3e81bde46693119 (diff) | |
prop224: Try to recover from a bad intro circuit
Changed assert_intro_circ_ok() into an almost non-fatal function so tor can
recover properly. We keep the anonymity assert because if that is not right,
we have much deeper problems and the client should stop sending bytes to the
network immediately.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/or/hs_client.c')
-rw-r--r-- | src/or/hs_client.c | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/src/or/hs_client.c b/src/or/hs_client.c index cfbda23277..57bd870798 100644 --- a/src/or/hs_client.c +++ b/src/or/hs_client.c @@ -179,16 +179,33 @@ fetch_v3_desc(const ed25519_public_key_t *onion_identity_pk) return directory_launch_v3_desc_fetch(onion_identity_pk, hsdir_rs); } -/* Make sure that the given origin circuit circ is a valid correct - * introduction circuit. This asserts on validation failure. */ -static void -assert_intro_circ_ok(const origin_circuit_t *circ) +/* Make sure that the given v3 origin circuit circ is a valid correct + * introduction circuit. This will BUG() on any problems and hard assert if + * the anonymity of the circuit is not ok. Return 0 on success else -1 where + * the circuit should be mark for closed immediately. */ +static int +intro_circ_is_ok(const origin_circuit_t *circ) { + int ret = 0; + tor_assert(circ); - tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING); - tor_assert(circ->hs_ident); - tor_assert(hs_ident_intro_circ_is_valid(circ->hs_ident)); + + if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCING && + TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT && + TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACKED)) { + ret = -1; + } + if (BUG(circ->hs_ident == NULL)) { + ret = -1; + } + if (BUG(!hs_ident_intro_circ_is_valid(circ->hs_ident))) { + ret = -1; + } + + /* This can stop the tor daemon but we want that since if we don't have + * anonymity on this circuit, something went really wrong. */ assert_circ_anonymity_ok(circ, get_options()); + return ret; } /* Find a descriptor intro point object that matches the given ident in the 
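Review bot: In intro_circ_is_ok() the three BUG() checks do not short-circuit, so when `circ->hs_ident == NULL` trips the second check, the third still calls `hs_ident_intro_circ_is_valid(circ->hs_ident)` with a NULL pointer. That helper is not visible in this hunk; if it dereferences its argument, the daemon would crash on exactly the state this change is meant to survive. Making the third check `} else if (BUG(!hs_ident_intro_circ_is_valid(circ->hs_ident))) {` keeps the recoverable path and still reaches `assert_circ_anonymity_ok()`. The purpose check also now accepts CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT and CIRCUIT_PURPOSE_C_INTRODUCE_ACKED, which the commit message does not mention; a sentence in the function comment explaining why would help the next reader.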
@@ -264,8 +281,10 @@ send_introduce1(origin_circuit_t *intro_circ, const ed25519_public_key_t *service_identity_pk = NULL; const hs_desc_intro_point_t *ip; - assert_intro_circ_ok(intro_circ); tor_assert(rend_circ); + if (intro_circ_is_ok(intro_circ) < 0) { + goto perm_err; + } service_identity_pk = &intro_circ->hs_ident->identity_pk; /* For logging purposes. There will be a time where the hs_ident will have a |
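Review bot: The new early exit in send_introduce1() depends on the `perm_err` path marking the intro circuit for close, as the comment on intro_circ_is_ok() requires, but that label is outside this hunk, so it cannot be confirmed here. The jump also happens before `ip` is assigned, so the `perm_err` code must not read it. A short comment at the check, e.g. `/* Bad intro circuit: perm_err is expected to close it. */`, would record that dependency. send_introduce1's body starts and ends outside the hunk.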