tor

The Tor anonymity network

commit 935160ce8629096691268f9902a803c4b871bacc
parent 36203e88949c6928d2bdb4bffe8b5e7e68657ee9
Author: George Kadianakis <desnacked@riseup.net>
Date:   Tue, 25 Aug 2020 14:51:23 +0300

Merge branch 'maint-0.4.4'

Diffstat:
Achanges/ticket40109 | 6++++++
Msrc/core/or/or_circuit_st.h | 4++++
Msrc/feature/hs/hs_dos.c | 5+++++
Msrc/feature/hs/hs_intropoint.c | 5+++++
4 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/changes/ticket40109 b/changes/ticket40109
@@ -0,0 +1,6 @@
+ o Major bugfixes (onion services, DoS):
+ - The consensus parameters for the onion service DoS defenses was
+ overwriting the circuit parameters that could have been set by the service
+ operator using HiddenServiceEnableIntroDoSDefense. Fixes bug 40109; bugfix
+ on 0.4.2.1-alpha.
+
diff --git a/src/core/or/or_circuit_st.h b/src/core/or/or_circuit_st.h
@@ -75,6 +75,10 @@ struct or_circuit_t {
/** If set, the DoS defenses are enabled on this circuit meaning that the
* introduce2_bucket is initialized and used. */
unsigned int introduce2_dos_defense_enabled : 1;
+ /** If set, the DoS defenses were explicitly enabled through the
+ * ESTABLISH_INTRO cell extension. If unset, the consensus is used to learn
+ * if the defenses can be enabled or not. */
+ unsigned int introduce2_dos_defense_explicit : 1;
/** INTRODUCE2 cell bucket controlling how much can go on this circuit. Only
* used if this is a service introduction circuit at the intro point
diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c
@@ -93,6 +93,11 @@ update_intro_circuits(void)
smartlist_t *intro_circs = hs_circuitmap_get_all_intro_circ_relay_side();
SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) {
+ /* Ignore circuit if the defenses were set explicitly through the
+ * ESTABLISH_INTRO cell DoS extension. */
+ if (TO_OR_CIRCUIT(circ)->introduce2_dos_defense_explicit) {
+ continue;
+ }
/* Defenses might have been enabled or disabled. */
TO_OR_CIRCUIT(circ)->introduce2_dos_defense_enabled =
consensus_param_introduce_defense_enabled;
diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c
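Review bot: The comment on the new `introduce2_dos_defense_explicit` bit in or_circuit_st.h says the defenses were "explicitly enabled", but the hs_intropoint.c hunk sets the bit before the rate/burst zero check, so it is also set when the service explicitly asks for the defenses to be off (rate or burst of 0), and update_intro_circuits will then leave them off regardless of consensus. Suggest wording it as configuration rather than enablement: `/** If set, the DoS defense parameters were explicitly configured through the`, `* ESTABLISH_INTRO cell extension (enabled or disabled) and the consensus is`, `* ignored for this circuit. If unset, the consensus decides. */`. Nothing in this diff clears the bit, so it appears to hold for the circuit's lifetime; stating that here would save the next reader a search.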
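Review bot: The `continue` in update_intro_circuits means a consensus-wide change of the defense switch no longer reaches circuits whose `introduce2_dos_defense_explicit` bit is set, so a network-wide disable (or enable) of the defense leaves those circuits on whatever the service asked for in its ESTABLISH_INTRO cell. That is consistent with the ticket's intent, but the loop comment should say so, since the consensus parameters are otherwise the operators' emergency lever: `/* Circuits configured through the ESTABLISH_INTRO DoS extension keep the`, `* service's values; consensus changes, including a network-wide disable, are`, `* deliberately not applied to them. */`. The rest of update_intro_circuits is outside the hunk, so I cannot tell whether the consensus rate/burst values are still applied to such circuits further down; if they are, that would contradict the skip here.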
@@ -285,6 +285,11 @@ handle_establish_intro_cell_dos_extension( } } + /* At this point, the extension is valid so any values out of it implies + * that it was set explicitly and thus flag the circuit that it should not + * look at the consensus for that reason for the defenses' values. */ + circ->introduce2_dos_defense_explicit = 1; + /* A value of 0 is valid in the sense that we accept it but we still disable * the defenses so return false. */ if (intro2_rate_per_sec == 0 || intro2_burst_per_sec == 0) {
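Review bot: `circ->introduce2_dos_defense_explicit = 1;` is set before the `intro2_rate_per_sec == 0 || intro2_burst_per_sec == 0` check, so an explicit zero not only disables the defenses now but also pins them off against later consensus changes; the existing comment on that branch only says "return false" and does not mention the second effect. Suggest extending it: `/* A value of 0 is accepted but disables the defenses. The explicit bit is`, `* already set above, so the consensus will not re-enable them on this`, `* circuit either; return false. */`. The function starts and ends outside the hunk, and nothing visible clears the bit, so this presumably relies on the ESTABLISH_INTRO extension being processed at most once per circuit; worth confirming against the caller.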