[tor-bugs] #13471 [Tor]: router daemon crashes with openssl built no_ssl3
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 20 01:20:56 UTC 2014
#13471: router daemon crashes with openssl built no_ssl3
-------------------------+-------------------------------------------------
Reporter: | Owner:
starlight | Status: new
Type: defect | Milestone: Tor: 0.2.6.x-final
Priority: blocker | Version: Tor: 0.2.4.24
Component: Tor | Keywords: tor-relay ssl3 poodle 025-backport
Resolution: | 024-backport 023-backport
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by starlight):
I'll have to take a look at --enable-expensive-hardening.
I see in
gcc-4.9.1/libsanitizer/include/sanitizer/asan_interface.h
{{{
// This function may be optionally provided by user and should return
// a string containing ASan runtime options. See asan_flags.h for
details.
const char* __asan_default_options();
}}}
which seems like it will do the job. Be aware that
many references are made in web-postings regarding
ASAN to usage similar to
{{{
#if defined(__has_feature)
#if __has_feature(address_sanitizer)
__sanitizer_sandbox_on_notify(NULL);
#endif
#endif
}}}
which I call to allow ASAN to work with
`/chroot_tor/proc` unmounted after
startup, but the conditional compile is
specific to CLANG and does not work for
GCC. You should create your own -DASANFLAG
conditional compilation flag. I only just
figured this out and the above code was
not working at all though I was
laboring under the misconception
that it was.
Also be sure to either direct stdout/stderr
to a file (as in my patch above) or configure
the "log_path" ASAN option or ASAN will not
work. I favor standard I/O since sometimes
glibc will write a message that may be
of value.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13471#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list