Fix TROVE-2017-012: Relays can pick themselves in a circuit path
Ticket for medium severity issue TROVE-2017-012
TROVE-2017-012: Relays can pick themselves in a circuit path SEVERITY: Medium ALSO TRACKED AS: CVE-2017-8822 DESCRIPTION A relay can open circuits for reachability purposes, preemptive Exit circuits or possible onion service client usage. If a relay doesn't have the descriptors of all the relays in the network, it is possible for the relay to pick itself in a circuit path like so (R1: Relay, G: Guard, E: Exit): R1 -> G -> R1 -> E This leads to a log warning on the Guard node and the circuit being closed immediately because tor doesn't allow to extend to the previous node. Furthermore, a relay can also pick itself as a primary guard, leading to it being unable to open any circuits for a while, until enough failures have been recorded and the guard is switched. This can only happens if the relay doesn't have all descriptors downloaded yet, and if it considers itself in the consensus. This affects version >= 0.2.0.x series which is basically every relay on the network. MITIGATION NOTES: 1. If you are using tor but it is not configured as a relay, this doesn't affect you. 2. This can have anonymity consequences if you are running a onion service and a relay at the same time on the same tor instance. It is something we do NOT recommend in the first place, so: avoid doing this. ACKNOWLEDGMENTS: Thanks to the Tor network team members who tracked this down! FIX: Everyone affected should upgrade to one of the releases with the fix for this issue: 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, or 0.3.2.6-alpha.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information