mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Merge branch 'maint-0.4.7'
This commit is contained in:
commit
bf30943cb7
4
changes/ticket40649
Normal file
4
changes/ticket40649
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
o Minor bugfixes (relay):
|
||||||
|
- Do not propagate either forward or backward a DESTROY remote reason when
|
||||||
|
closing a circuit so to avoid a possible side channel. Fixes bug 40649;
|
||||||
|
bugfix on 0.1.2.4-alpha.
|
@ -656,9 +656,11 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan)
|
|||||||
if (!CIRCUIT_IS_ORIGIN(circ) &&
|
if (!CIRCUIT_IS_ORIGIN(circ) &&
|
||||||
chan == TO_OR_CIRCUIT(circ)->p_chan &&
|
chan == TO_OR_CIRCUIT(circ)->p_chan &&
|
||||||
cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) {
|
cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) {
|
||||||
/* the destroy came from behind */
|
/* The destroy came from behind so nullify its p_chan. Close the circuit
|
||||||
|
* with a DESTROYED reason so we don't propagate along the path forward the
|
||||||
|
* reason which could be used as a side channel. */
|
||||||
circuit_set_p_circid_chan(TO_OR_CIRCUIT(circ), 0, NULL);
|
circuit_set_p_circid_chan(TO_OR_CIRCUIT(circ), 0, NULL);
|
||||||
circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE);
|
circuit_mark_for_close(circ, END_CIRC_REASON_DESTROYED);
|
||||||
} else { /* the destroy came from ahead */
|
} else { /* the destroy came from ahead */
|
||||||
circuit_set_n_circid_chan(circ, 0, NULL);
|
circuit_set_n_circid_chan(circ, 0, NULL);
|
||||||
if (CIRCUIT_IS_ORIGIN(circ)) {
|
if (CIRCUIT_IS_ORIGIN(circ)) {
|
||||||
@ -666,9 +668,10 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan)
|
|||||||
} else {
|
} else {
|
||||||
/* Close the circuit so we stop queuing cells for it and propagate the
|
/* Close the circuit so we stop queuing cells for it and propagate the
|
||||||
* DESTROY cell down the circuit so relays can stop queuing in-flight
|
* DESTROY cell down the circuit so relays can stop queuing in-flight
|
||||||
* cells for this circuit which helps with memory pressure. */
|
* cells for this circuit which helps with memory pressure. We do NOT
|
||||||
|
* propagate the remote reason so not to create a side channel. */
|
||||||
log_debug(LD_OR, "Received DESTROY cell from n_chan, closing circuit.");
|
log_debug(LD_OR, "Received DESTROY cell from n_chan, closing circuit.");
|
||||||
circuit_mark_for_close(circ, reason | END_CIRC_REASON_FLAG_REMOTE);
|
circuit_mark_for_close(circ, END_CIRC_REASON_DESTROYED);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user