[tor-bugs] #15901 [Tor]: apparent memory corruption -- very difficult to isolate
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Aug 23 22:30:14 UTC 2015
#15901: apparent memory corruption -- very difficult to isolate
---------------------------+--------------------------------
Reporter: starlight | Owner:
Type: defect | Status: new
Priority: critical | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.5.12
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
---------------------------+--------------------------------
Comment (by starlight):
Again!
{{{
Error decoding identity digest "rnTn"
Got a bad signature on a networkstatus vote
last message repeated 7 times
Consensus does not include configured authority 'urras' at
208.83.223.34:443 (identity 80550987E1D626E3EBA5E5E75A458DE0626D088C)
A consensus needs 5 good signatures from recognized authorities for us to
accept it. This one has 0 (). 8 of the signatures on it didn't verify
correctly.
Not enough good signatures on networkstatus consensus
Unable to load ns consensus directory downloaded from server
'199.254.238.52:80'. I'll try again soon.
Error decoding identity digest "rnTn"
Got a bad signature on a networkstatus vote
last message repeated 7 times
Consensus does not include configured authority 'urras' at
208.83.223.34:443 (identity 80550987E1D626E3EBA5E5E75A458DE0626D088C)
A consensus needs 5 good signatures from recognized authorities for us to
accept it. This one has 0 (). 8 of the signatures on it didn't verify
correctly.
Not enough good signatures on networkstatus consensus
Unable to load ns consensus directory downloaded from server
'131.188.40.189:80'. I'll try again soon.
Error decoding identity digest "rnTn"
Got a bad signature on a networkstatus vote
last message repeated 7 times
Consensus does not include configured authority 'urras' at
208.83.223.34:443 (identity 80550987E1D626E3EBA5E5E75A458DE0626D088C)
A consensus needs 5 good signatures from recognized authorities for us to
accept it. This one has 0 (). 8 of the signatures on it didn't verify
correctly.
Not enough good signatures on networkstatus consensus
Unable to load ns consensus directory downloaded from server
'194.109.206.212:80'. I'll try again soon.
}}}
Made some progress on understanding what is happening. Using the first
line 'Error decoding identity digest "rnTn"' and examining the core file
plus the archived consensus document, found that a single stray 32-bit
store is corrupting the consensus document image in memory:
original:
{{{
r Toughmudder rnTUAd5Dh4212x1HlRV3jVzTBgU Ib9ENWJVQ6+5OJlyxe5b/VFLeq8
2015-08-17 18:55:56 5.199.242.60 9001 9030
s Fast HSDir Running Stable V2Dir Valid
v Tor 0.2.4.27
}}}
corrputed:
{{{
r Toughmudder rnTn rHDXjA12x1HlRV3jVzTBgU Ib9ENWJVQ6+5OJlyxe5b/VFLeq8
2015-08-17 18:55:56 5.199.242.60 9001 9030
s Fast HSDir Running Stable V2Dir Valid
v Tor 0.2.4.27
}}}
This leads me to the idea that perhaps `mprotect()` can be used to mark
the consensus document memory read-only immediately after being stored and
until the memory is released. This might result in a memory protection
violation at the time of a stray pointer write and produce a core with a
stack trace precisely identifying the errant code.
Could someone familiar with this area of the code comment on the
feasibility of the above and perhaps offer a suggestion or two regarding
proper placement of the `mprotect()` calls?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15901#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list