From e0da64fd27a8c1a34668dfa337877c0aeb398022 Mon Sep 17 00:00:00 2001
From: George Kadianakis
Date: Fri, 3 Jul 2020 16:06:17 +0300
Subject: Handle a failure edge-case when a client-side intro circ opens.
---
 src/feature/hs/hs_client.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
(limited to 'src/feature')
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index c3697d0c1d..a49999d7d1 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -704,8 +704,11 @@ send_introduce1(origin_circuit_t *intro_circ,
 }
 
 /** Using the introduction circuit circ, setup the authentication key of the
- * intro point this circuit has extended to. */
-static void
+ * intro point this circuit has extended to.
+ *
+ * Return 0 if everything went well, otherwise return -1 in the case of errors.
+ */
+static int
 setup_intro_circ_auth_key(origin_circuit_t *circ)
 {
 const hs_descriptor_t *desc;
@@ -736,10 +739,12 @@ setup_intro_circ_auth_key(origin_circuit_t *circ)
 
 /* Reaching this point means we didn't find any intro point for this circuit
 * which is not supposed to happen. */
- tor_assert_nonfatal_unreached();
+ circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
+ log_info(LD_REND, "Could not match opened intro circuit with intro point.");
+ return -1;
 
 end:
- return;
+ return 0;
 }
 
 /** Called when an introduction circuit has opened. */
@@ -754,7 +759,9 @@ client_intro_circ_has_opened(origin_circuit_t *circ)
 /* This is an introduction circuit so we'll attach the correct
 * authentication key to the circuit identifier so it can be identified
 * properly later on. */
- setup_intro_circ_auth_key(circ);
+ if (setup_intro_circ_auth_key(circ) < 0) {
+ return;
+ }
 
 connection_ap_attach_pending(1);
 }
-- 
cgit v1.2.3-54-g00ecf
From c1598be1e01cdadda56f9fd41909ee8e9b7b4ecf Mon Sep 17 00:00:00 2001
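Review bot: The `end:` label at the bottom of the second hunk now reports success with `return 0;`, but the jumps that reach it sit above the hunk, so every earlier `goto end` has to be a genuine success path. The follow-up patch on this page shows the missing-descriptor branch calling `circuit_mark_for_close()` and then `goto end;`, so with this commit alone the caller gets 0 for a circuit that was just marked for close and still runs `connection_ap_attach_pending(1)`. If this commit is picked up on its own, that branch should end in `return -1;` rather than `goto end;`. setup_intro_circ_auth_key() begins outside the hunk.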
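Review bot: The early `return;` added in client_intro_circ_has_opened() skips `connection_ap_attach_pending(1)` without saying why that is safe. The reason is only visible in the helper, where the -1 path has already marked the circuit for close; a comment such as `/* The helper already marked the circuit for close; nothing to attach. */` above the `return;` would record that dependency. The function doc added in the first hunk has the same gap: it states the 0/-1 contract but not that -1 means the circuit was closed as a side effect. Whether streams waiting on this circuit are retried through the close path is not visible from these hunks.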
From: George Kadianakis
Date: Fri, 3 Jul 2020 16:08:34 +0300
Subject: Refactor setup_intro_circ_auth_key() to make it simpler.
It now uses the 'goto err' pattern, instead of the fatal_unreached() pattern. The latter pattern is usually used when there is a loop, but there is no loop in this function so it can be simplified easily.
---
 src/feature/hs/hs_client.c | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)
(limited to 'src/feature')
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index a49999d7d1..7f4d5385e9 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -722,29 +722,28 @@ setup_intro_circ_auth_key(origin_circuit_t *circ)
 * and the client descriptor cache that gets purged (NEWNYM) or the
 * cleaned up because it expired. Mark the circuit for close so a new
 * descriptor fetch can occur. */
- circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
- goto end;
+ goto err;
 }
 
 /* We will go over every intro point and try to find which one is linked to
 * that circuit. Those lists are small so it's not that expensive. */
 ip = find_desc_intro_point_by_legacy_id(
 circ->build_state->chosen_exit->identity_digest, desc);
- if (ip) {
- /* We got it, copy its authentication key to the identifier. */
- ed25519_pubkey_copy(&circ->hs_ident->intro_auth_pk,
- &ip->auth_key_cert->signed_key);
- goto end;
+ if (!ip) {
+ /* Reaching this point means we didn't find any intro point for this
+ * circuit which is not supposed to happen. */
+ log_info(LD_REND,"Could not match opened intro circuit with intro point.");
+ goto err;
 }
 
- /* Reaching this point means we didn't find any intro point for this circuit
- * which is not supposed to happen. */
+ /* We got it, copy its authentication key to the identifier. */
+ ed25519_pubkey_copy(&circ->hs_ident->intro_auth_pk,
+ &ip->auth_key_cert->signed_key);
+ return 0;
+
+ err:
 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
- log_info(LD_REND, "Could not match opened intro circuit with intro point.");
 return -1;
-
- end:
- return 0;
 }
 
 /** Called when an introduction circuit has opened. */
-- 
cgit v1.2.3-54-g00ecf
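Review bot: The missing-descriptor branch now jumps to `err`, so it returns -1 where it used to return 0 through `end`; the caller therefore stops attaching pending streams in that case, which is a behaviour change rather than only the simplification the subject line describes, and the description should say so. That branch is also the only failure exit without a log line, so an intro circuit closed because the descriptor was purged or expired cannot be told apart from other internal closes when reading logs. Adding something like `log_info(LD_REND, "Descriptor no longer cached for opened intro circuit.");` before its `goto err;` would match the `!ip` branch. As a style nit, the moved call reads `log_info(LD_REND,"Could not match ...` and lost the space after the comma. The function starts above the hunk.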