[tbb-bugs] #26514 [Applications/Tor Browser]: intermittent updater failures on Win64 (Error 19)

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 20 18:46:09 UTC 2018

#26514: intermittent updater failures on Win64 (Error 19)
 Reporter:  mcs                       |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Very High                 |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam201807      |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by mcs):

 Adding logging that occurred after the signature verification failed was
 helpful and allowed Kathy and me to pin down the cause of this bug in an
 ESR52-based Tor Browser (but so far not the root cause).

 The reason the signature verification fails is because a byte from the MAR
 file that should be skipped when computing the SHA-512 hash is included in
 the stream of bytes that is provided as input to the NSS hashing code.

 The reason the extra byte is included is because (it seems) there is a bug
 in the stdio functions that are used inside
 `modules/libmar/verify/mar_verify.c` to read the MAR file. The bug is that
 the file offset is incorrect (functions such as `ftello()` return a value
 that is off by one), and when the code inside
 `mar_verify_signatures_for_fp()` uses `fseeko()` to skip past the embedded
 signature, the resulting file position is wrong.

 The wrong file position in turn causes one byte from the signature (which
 should have been skipped) to be used as input to the SHA-512 hashing code.
 Game over.

 My Windows debugging skills are limited, especially when working with
 optimized builds. Ideally someone who has some experience with mingw-w64
 internals would investigate further. I am not sure if this bug occurs with
 our ESR60-based Tor Browser builds; we could not reproduce it there but it
 is intermittent. The libmar code has not been modified much at all but
 maybe something has been fixed inside mingw-w64. Kathy and I implemented a
 workaround; I will attach the patch (which we can make available in a git
 repo if we decide to use it).

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26514#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list