commit acd27f4b419907052d0677933fe5068a5c25953f parent 570d1367ea6c03335d1c4ee781c5197e26c6b24a Author: teor <teor@torproject.org> Date: Fri, 25 Oct 2019 09:41:48 +1000 Merge remote-tracking branch 'tor-github/pr/1464' into maint-0.4.2 Diffstat:
| A | changes/ticket28970 | | | 6 | ++++++ |
| M | src/feature/hs/hs_client.c | | | 8 | ++++++-- |
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/changes/ticket28970 b/changes/ticket28970 @@ -0,0 +1,6 @@ + o Minor bugfixes (clietn, hidden service v3): + - Fix a BUG() assertion that occurs within a very small race window between + a client intro circuit opens and its descriptor that gets cleaned up from + the cache. The circuit is now closed which will trigger a re-fetch of the + descriptor and continue the HS connection. Fixes bug 28970; bugfix on + 0.3.2.1-alpha. diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c @@ -682,8 +682,12 @@ setup_intro_circ_auth_key(origin_circuit_t *circ) tor_assert(circ); desc = hs_cache_lookup_as_client(&circ->hs_ident->identity_pk); - if (BUG(desc == NULL)) { - /* Opening intro circuit without the descriptor is no good... */ + if (desc == NULL) { + /* There is a very small race window between the opening of this circuit + * and the client descriptor cache that gets purged (NEWNYM) or the + * cleaned up because it expired. Mark the circuit for close so a new + * descriptor fetch can occur. */ + circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL); goto end; }