Skip to content

onion-grater stream ownership check is very buggy resulting in restrict-stream-events being broken

This is the buggy check:

if self.client_address == event.source_address or \
   self.client_pid == pid_of_laddr((event.source_address,
                                    event.source_port)):
    self.client_streams.add(event.id)

It has two serious bugs:

  1. self.client_address is an (address, port) tuple but event.source_address is just an address, so the left-hand side of the condition is always False. I introduced this nonsense in commit 42fd3adf exactly 2 years ago to the day.
  2. The right-hand side is broken for clients running in a netns: in that case self.client_pid == None and pid_of_laddr() can only handle loopback addresses so it will return None, so the comparision becomes None == None which is True.

So, in particular, restrict-stream-events is broken for Tor Browser, it has had access to all stream info for the past ~two years.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information