[tor-bugs] #6029 [Tor Relay]: relay crash in libcrypto (tor_tls_handshake)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Jun 1 11:13:52 UTC 2012 

#6029: relay crash in libcrypto (tor_tls_handshake)
-----------------------+----------------------------------------------------
 Reporter:  ln5        |          Owner:     
     Type:  defect     |         Status:  new
 Priority:  major      |      Milestone:     
Component:  Tor Relay  |        Version:     
 Keywords:             |         Parent:     
   Points:             |   Actualpoints:     
-----------------------+----------------------------------------------------
 This is on a very fast relay (>200 mbit/s).  Started happening day
 before yesterday without any known changes to tor, libevent or
 openssl.  Reproducable within hours it seems.

 $ uname -a
 Linux tor 2.6.32-38-server #83-Ubuntu SMP Wed Jan 4 11:26:59 UTC 2012
 x86_64 GNU/Linux

 libevent is 2.0.19-stable.

 Jun 01 08:49:46.000 [notice] Tor 0.2.3.15-alpha (git-2513a3e959b61612)
 opening log file.
 Jun 01 08:49:46.000 [notice] This version of OpenSSL has a known-good EVP
 counter-mode implementation. Using it.
 Jun 01 08:49:46.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like
 version 0.9.8m or later; I will try SSL_OP to enable renegotiation
 Jun 01 08:49:46.000 [notice] Your Tor server's identity key fingerprint is
 'ndnr1 6330CCF8FEED2EF9B12FCF6688E2577C65522BA4'

 (gdb) bt full
 #0  0x00007ffff6a02acd in write () from /lib/libc.so.6
 No symbol table info available.
 #1  0x00007ffff71a1035 in sock_write () from
 /home/linus/usr/lib/libcrypto.so.1.0.0
 No symbol table info available.
 #2  0x00007ffff719f1a7 in BIO_write () from
 /home/linus/usr/lib/libcrypto.so.1.0.0
 No symbol table info available.
 #3  0x00007ffff71a2389 in buffer_ctrl () from
 /home/linus/usr/lib/libcrypto.so.1.0.0
 No symbol table info available.
 #4  0x00007ffff74b6307 in ssl3_accept () from
 /home/linus/usr/lib/libssl.so.1.0.0
 No symbol table info available.
 #5  0x00007ffff74c2b05 in ssl23_get_client_hello () from
 /home/linus/usr/lib/libssl.so.1.0.0
 No symbol table info available.
 #6  0x00007ffff74c33e5 in ssl23_accept () from
 /home/linus/usr/lib/libssl.so.1.0.0
 No symbol table info available.
 #7  0x000000000052e3f9 in tor_tls_handshake (tls=0x7fffdc774b60) at
 tortls.c:1743
         r = 0
         oldstate = 24576
         __PRETTY_FUNCTION__ = "tor_tls_handshake"
         __func__ = "tor_tls_handshake"
 #8  0x00000000004bd04e in connection_tls_continue_handshake
 (conn=0x7fffdc4507a0)
     at connection_or.c:1182
         result = 7
         __PRETTY_FUNCTION__ = "connection_tls_continue_handshake"
         __func__ = "connection_tls_continue_handshake"
 #9  0x00000000004bcf01 in connection_tls_start_handshake
 (conn=0x7fffdc4507a0, receiving=1)
     at connection_or.c:1139
         __PRETTY_FUNCTION__ = "connection_tls_start_handshake"
         __func__ = "connection_tls_start_handshake"
 #10 0x00000000004a7b5b in connection_init_accepted_conn
 (conn=0x7fffdc4507a0, listener=0x7ac900)
     at connection.c:1278
 No locals.
 #11 0x00000000004a7a7f in connection_handle_listener_read (conn=0x7ac900,
 new_type=4)
     at connection.c:1256
         news = 314
         newconn = 0x7fffdc4507a0
         addrbuf = {ss_family = 2, __ss_align = 0, __ss_padding = '\000'
 <repeats 111 times>}
         remote = 0x7fffffffddd0
         remotelen = 16
         options = 0x7a9c80
         __PRETTY_FUNCTION__ = "connection_handle_listener_read"
         __func__ = "connection_handle_listener_read"
 #12 0x00000000004aad5e in connection_handle_read_impl (conn=0x7ac900) at
 connection.c:2627
         max_to_read = -1
         try_to_read = 140737354119250
         before = 140737488346864
         n_read = 0
         socket_error = 0
         __PRETTY_FUNCTION__ = "connection_handle_read_impl"
         __func__ = "connection_handle_read_impl"
 #13 0x00000000004ab14e in connection_handle_read (conn=0x7ac900) at
 connection.c:2721
         res = 32767
 #14 0x000000000040a578 in conn_read_callback (fd=8, event=2,
 _conn=0x7ac900) at main.c:702
         conn = 0x7ac900
         __PRETTY_FUNCTION__ = "conn_read_callback"
 #15 0x00007ffff771010c in event_process_active_single_queue
 (base=0x7ac110, flags=<value optimized out>)
     at event.c:1346
         ev = 0x7ac9d0
 #16 event_process_active (base=0x7ac110, flags=<value optimized out>) at
 event.c:1416
         activeq = 0x7ab9b0
         i = 0
 #17 event_base_loop (base=0x7ac110, flags=<value optimized out>) at
 event.c:1617
         n = 1
         evsel = 0x7ffff7940d80
         tv = {tv_sec = 0, tv_usec = 53123}
         tv_p = <value optimized out>
         res = <value optimized out>
         retval = <value optimized out>
         __func__ = "event_base_loop"
 #18 0x000000000040cf32 in do_main_loop () at main.c:1924
         loop_result = 0
         now = 1338533388
         __PRETTY_FUNCTION__ = "do_main_loop"
         __func__ = "do_main_loop"
 #19 0x000000000040e4a7 in tor_main (argc=3, argv=0x7fffffffe1f8) at
 main.c:2619
         result = 0
         __PRETTY_FUNCTION__ = "tor_main"
 #20 0x0000000000408b34 in main (argc=3, argv=0x7fffffffe1f8) at
 tor_main.c:30
 No locals.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6029>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list