aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Perry <mikeperry-git@fscked.org>2013-01-18 19:29:17 -0800
committerMike Perry <mikeperry-git@fscked.org>2013-01-18 19:46:28 -0800
commit24b9b9f791defcb6156c587a035fde58c35a46d9 (patch)
treea78148078b0482c474ebeb0a9d97053b89d7b466
parente13e30221ef6715cafa93bbffc156583c8b58ecf (diff)
downloadtor-24b9b9f791defcb6156c587a035fde58c35a46d9.tar
tor-24b9b9f791defcb6156c587a035fde58c35a46d9.tar.gz
Roll back the path_state for circs if we detatch a stream.
An adversary could let the first stream request succeed (ie the resolve), but then tag and timeout the remainder (via cell dropping), forcing them on new circuits. Rolling back the state will cause us to probe such circuits, which should lead to probe failures in the event of such tagging due to either unrecognized cells coming in while we wait for the probe, or the cipher state getting out of sync in the case of dropped cells.
-rw-r--r--src/or/connection_edge.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 41795acb6..9e2c15d2c 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -637,6 +637,16 @@ connection_ap_expire_beginning(void)
}
if (circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
if (seconds_idle >= options->SocksTimeout) {
+ /* Path bias: We need to probe the circuit to ensure validity.
+ * Roll its state back if it succeeded so that we do so upon close. */
+ if (TO_ORIGIN_CIRCUIT(circ)->path_state == PATH_STATE_USE_SUCCEEDED) {
+ log_info(LD_CIRC,
+ "Rolling back pathbias use state to 'attempted' for timed "
+ "out rend circ %d",
+ TO_ORIGIN_CIRCUIT(circ)->global_identifier);
+ TO_ORIGIN_CIRCUIT(circ)->path_state = PATH_STATE_USE_ATTEMPTED;
+ }
+
log_fn(severity, LD_REND,
"Rend stream is %d seconds late. Giving up on address"
" '%s.onion'.",
@@ -806,6 +816,15 @@ connection_ap_detach_retriable(entry_connection_t *conn,
control_event_stream_status(conn, STREAM_EVENT_FAILED_RETRIABLE, reason);
ENTRY_TO_CONN(conn)->timestamp_lastread = time(NULL);
+ /* Path bias: We need to probe the circuit to ensure validity.
+ * Roll its state back if it succeeded so that we do so upon close. */
+ if (circ->path_state == PATH_STATE_USE_SUCCEEDED) {
+ log_info(LD_CIRC,
+ "Rolling back pathbias use state to 'attempted' for detached "
+ "circuit %d", circ->global_identifier);
+ circ->path_state = PATH_STATE_USE_ATTEMPTED;
+ }
+
if (conn->pending_optimistic_data) {
generic_buffer_set_to_copy(&conn->sending_optimistic_data,
conn->pending_optimistic_data);