Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Roger Dingledine@arma

Relays should drop/destroy begin cells with streamid 0

Properly behaving clients can't generate a begin cell with streamid 0:

  if (test_stream_id == 0)
    goto again;

but if such a begin cell does arrive at an exit, it will still launch the stream. And since relay_lookup_conn() returns NULL if streamid is 0, so there's no way to address another cell (e.g. a relay end cell) to this stream. It opens but can never be closed.

This is an issue for RELAY_COMMAND_BEGIN, RELAY_COMMAND_BEGIN_DIR, and RELAY_COMMAND_RESOLVE in particular. But we should solve it for all non-control relay cells:

          1 -- RELAY_BEGIN     [forward]
          2 -- RELAY_DATA      [forward or backward]   
          3 -- RELAY_END       [forward or backward]   
          4 -- RELAY_CONNECTED [backward]
         11 -- RELAY_RESOLVE   [forward]
         12 -- RELAY_RESOLVED  [backward]
         13 -- RELAY_BEGIN_DIR [forward]

I think the resolution could be to kill the circuit for breaking protocol?

Bug reported by oftc_must_be_destroyed on oftc.

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information