From dc13936f20e6263a099f40d32a274847e8384f96 Mon Sep 17 00:00:00 2001
From: David Goulet
Date: Wed, 27 Jul 2022 08:32:01 -0400
Subject: [PATCH 1/2] relay: Use remote reason when sending back a DESTROY

Fix from previous commit where a DESTROY cell is sent instead of a TRUNCATED.

Related to #40623

Signed-off-by: David Goulet
---
 src/core/or/command.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/or/command.c b/src/core/or/command.c
index 6ddfc317d6..65853f7844 100644
--- a/src/core/or/command.c
+++ b/src/core/or/command.c
@@ -641,7 +641,7 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan)
 * DESTROY cell down the circuit so relays can stop queuing in-flight
 * cells for this circuit which helps with memory pressure. */
 log_debug(LD_OR, "Received DESTROY cell from n_chan, closing circuit.");
- circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
+ circuit_mark_for_close(circ, reason | END_CIRC_REASON_FLAG_REMOTE);
 }
 }
 }

From 8e7bd9636260af3e31997e2ad5ec071c4e7a0153 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Wed, 27 Jul 2022 09:16:50 -0400
Subject: [PATCH 2/2] Fix a check, make a netflow padding function more safe.

Previously, `channelpadding_get_netflow_inactive_timeout_ms` would crash with an assertion failure if `low_timeout` was greater than `high_timeout`. That wasn't possible in practice because of checks in `channelpadding_update_padding_for_channel`, but it's better not to have a function whose correctness is this tricky to prove.

Fixes #40645. Bugfix on 0.3.1.1-alpha.
---
 changes/bug40645 | 5 +++++
 src/core/or/channelpadding.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changes/bug40645

diff --git a/changes/bug40645 b/changes/bug40645
new file mode 100644
index 0000000000..044d5b67d2
--- /dev/null
+++ b/changes/bug40645
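Review bot: The new `circuit_mark_for_close(circ, reason | END_CIRC_REASON_FLAG_REMOTE);` line forwards a value whose origin is not visible in the hunk: `reason` is declared earlier in command_process_destroy_cell, which starts outside the hunk, and presumably is the reason byte taken from the peer's DESTROY cell, i.e. untrusted wire input. Nothing in the hunk records why the remote flag must accompany it, so a later cleanup could drop the flag and turn a peer-supplied code back into a locally attributed protocol error. A one-line comment above the call would make the contract explicit: `/* Forward the peer-supplied reason code, flagged as remote so downstream handling knows it came from the other side and not from a local check. */`. If the flag also changes which reason is reported back on the circuit (as the commit title suggests), that is worth stating in the same comment rather than leaving it to the reader to reconstruct.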
@@ -0,0 +1,5 @@
+ o Minor bugfixes (defense in depth):
+ - Change a test in the netflow padding code to make it more
+ _obviously_ safe against remotely triggered crashes.
+ (It was safe against these before, but not obviously so.)
+ Fixes bug 40645; bugfix on 0.3.1.1-alpha.
diff --git a/src/core/or/channelpadding.c b/src/core/or/channelpadding.c
index d0c43e8bdc..d4c19491ac 100644
--- a/src/core/or/channelpadding.c
+++ b/src/core/or/channelpadding.c
@@ -186,7 +186,7 @@ channelpadding_get_netflow_inactive_timeout_ms(const channel_t *chan)
 high_timeout = MAX(high_timeout, chan->padding_timeout_high_ms);
 }
 
- if (low_timeout == high_timeout)
+ if (low_timeout >= high_timeout)
 return low_timeout; // No randomization
 
 /*
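Review bot: With `if (low_timeout >= high_timeout)` the inverted range is now silently folded into the no-randomization path, and the trailing `// No randomization` on the context line no longer explains why an inverted range returns `low_timeout` (the larger of the two values). Since the commit message says the inversion is believed unreachable because of checks in channelpadding_update_padding_for_channel, the defensive intent should be recorded at the return: `return low_timeout; // No randomization; also clamps an inverted range, which the caller's checks should make impossible`. If the codebase's non-fatal (log-only) assertion helper is acceptable here, placing one on `low_timeout <= high_timeout` just before the check would keep a diagnostic signal without the crash this commit removes, but only if a remote peer cannot drive it repeatedly, since that would trade a crash for log flooding. The range-width computation this comparison guards is below the hunk, and the function ends outside it.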