[tor-bugs] #14803 [Tor]: Tor segfault with hidden service SETCONF
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 9 03:32:47 UTC 2015
#14803: Tor segfault with hidden service SETCONF
--------------------------+-----------------
Reporter: atagar | Owner:
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
--------------------------+-----------------
Comment (by atagar):
Quick update with the findings so far. Sebastian and Roger are unable to
repro so looks to be platform specific (yay!). Tried to narrow this to the
simplest repro...
{{{
For tor...
% git checkout 44e9daf
% git clean -fdx
% make dist-clean; ./autogen.sh && ./configure && make
% mkdir /tmp/tor_test
[made a torrc...]
% cat /tmp/tor_test/torrc
DataDirectory /tmp/tor_test
ControlPort 1111
% tor -f /tmp/tor_test/torrc
}}}
And then...
{{{
% telnet localhost 1111
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
AUTHENTICATE
250 OK
SETCONF HiddenServiceDir="/tmp/tor_test" HiddenServicePort="8030
127.0.0.1:8030"
Connection closed by foreign host.
}}}
The tor instance fails with...
{{{
Feb 08 19:29:13.000 [warn] ControlPort is open, but no authentication
method has been configured. This means that any program on your computer
can reconfigure your Tor. That's bad! You should upgrade your Tor
controller as soon as possible.
*** glibc detected *** tor: free(): invalid next size (fast): 0xb9297c38
***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x75b12)[0xb7120b12]
tor(+0x52309)[0xb7591309]
tor(rend_config_services+0xb25)[0xb75939a5]
tor(+0xc19aa)[0xb76009aa]
tor(options_trial_assign+0xb4)[0xb7605384]
tor(+0xe49c1)[0xb76239c1]
tor(connection_control_process_inbuf+0x6e4)[0xb7627a34]
tor(+0xca584)[0xb7609584]
tor(connection_handle_read+0x7c7)[0xb760fbf7]
tor(+0x28d51)[0xb7567d51]
/usr/lib/libevent-2.0.so.5(event_base_loop+0x209)[0xb7489ce9]
tor(do_main_loop+0x1bb)[0xb756873b]
tor(tor_main+0x1f6d)[0xb756c0fd]
tor(main+0x33)[0xb75649a3]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb70c44d3]
tor(+0x259ed)[0xb75649ed]
======= Memory map: ========
b6dd8000-b6f3a000 r--p 00000000 08:01 33163734 /tmp/tor_test/cached-
microdescs
b7086000-b70a2000 r-xp 00000000 08:01 31589205 /lib/i386-linux-
gnu/libgcc_s.so.1
b70a2000-b70a3000 r--p 0001b000 08:01 31589205 /lib/i386-linux-
gnu/libgcc_s.so.1
b70a3000-b70a4000 rw-p 0001c000 08:01 31589205 /lib/i386-linux-
gnu/libgcc_s.so.1
b70a4000-b70a6000 rw-p 00000000 00:00 0
b70a6000-b70a9000 r-xp 00000000 08:01 31589145 /lib/i386-linux-
gnu/libdl-2.15.so
b70a9000-b70aa000 r--p 00002000 08:01 31589145 /lib/i386-linux-
gnu/libdl-2.15.so
b70aa000-b70ab000 rw-p 00003000 08:01 31589145 /lib/i386-linux-
gnu/libdl-2.15.so
b70ab000-b724f000 r-xp 00000000 08:01 31589158 /lib/i386-linux-
gnu/libc-2.15.so
b724f000-b7251000 r--p 001a4000 08:01 31589158 /lib/i386-linux-
gnu/libc-2.15.so
b7251000-b7252000 rw-p 001a6000 08:01 31589158 /lib/i386-linux-
gnu/libc-2.15.so
b7252000-b7256000 rw-p 00000000 00:00 0
b7256000-b725d000 r-xp 00000000 08:01 31589154 /lib/i386-linux-
gnu/librt-2.15.so
b725d000-b725e000 r--p 00006000 08:01 31589154 /lib/i386-linux-
gnu/librt-2.15.so
b725e000-b725f000 rw-p 00007000 08:01 31589154 /lib/i386-linux-
gnu/librt-2.15.so
b725f000-b7276000 r-xp 00000000 08:01 31589152 /lib/i386-linux-
gnu/libpthread-2.15.so
b7276000-b7277000 r--p 00016000 08:01 31589152 /lib/i386-linux-
gnu/libpthread-2.15.so
b7277000-b7278000 rw-p 00017000 08:01 31589152 /lib/i386-linux-
gnu/libpthread-2.15.so
b7278000-b727a000 rw-p 00000000 00:00 0
b727a000-b740c000 r-xp 00000000 08:01 31588647 /lib/i386-linux-
gnu/libcrypto.so.1.0.0
b740c000-b741b000 r--p 00192000 08:01 31588647 /lib/i386-linux-
gnu/libcrypto.so.1.0.0
b741b000-b7422000 rw-p 001a1000 08:01 31588647 /lib/i386-linux-
gnu/libcrypto.so.1.0.0
b7422000-b7425000 rw-p 00000000 00:00 0
b7425000-b7476000 r-xp 00000000 08:01 31588643 /lib/i386-linux-
gnu/libssl.so.1.0.0
b7476000-b7477000 ---p 00051000 08:01 31588643 /lib/i386-linux-
gnu/libssl.so.1.0.0
b7477000-b7479000 r--p 00051000 08:01 31588643 /lib/i386-linux-
gnu/libssl.so.1.0.0
b7479000-b747d000 rw-p 00053000 08:01 31588643 /lib/i386-linux-
gnu/libssl.so.1.0.0
b747d000-b74c1000 r-xp 00000000 08:01 27527944
/usr/lib/libevent-2.0.so.5.1.4
b74c1000-b74c2000 r--p 00043000 08:01 27527944
/usr/lib/libevent-2.0.so.5.1.4
b74c2000-b74c3000 rw-p 00044000 08:01 27527944
/usr/lib/libevent-2.0.so.5.1.4
b74c3000-b74c4000 rw-p 00000000 00:00 0
b74c4000-b74ee000 r-xp 00000000 08:01 31589148 /lib/i386-linux-
gnu/libm-2.15.so
b74ee000-b74ef000 r--p 00029000 08:01 31589148 /lib/i386-linux-
gnu/libm-2.15.so
b74ef000-b74f0000 rw-p 0002a000 08:01 31589148 /lib/i386-linux-
gnu/libm-2.15.so
b74f0000-b7504000 r-xp 00000000 08:01 31589295 /lib/i386-linux-
gnu/libz.so.1.2.3.4
b7504000-b7505000 r--p 00013000 08:01 31589295 /lib/i386-linux-
gnu/libz.so.1.2.3.4
b7505000-b7506000 rw-p 00014000 08:01 31589295 /lib/i386-linux-
gnu/libz.so.1.2.3.4
b7519000-b751c000 rw-p 00000000 00:00 0
b751c000-b751d000 r-xp 00000000 00:00 0 [vdso]
b751d000-b753d000 r-xp 00000000 08:01 31589142 /lib/i386-linux-
gnu/ld-2.15.so
b753d000-b753e000 r--p 0001f000 08:01 31589142 /lib/i386-linux-
gnu/ld-2.15.so
b753e000-b753f000 rw-p 00020000 08:01 31589142 /lib/i386-linux-
gnu/ld-2.15.so
b753f000-b770a000 r-xp 00000000 00:13 13501034
/home/atagar/Desktop/tor/tor/src/or/tor
b770a000-b770c000 r--p 001ca000 00:13 13501034
/home/atagar/Desktop/tor/tor/src/or/tor
b770c000-b7710000 rw-p 001cc000 00:13 13501034
/home/atagar/Desktop/tor/tor/src/or/tor
b7710000-b7714000 rw-p 00000000 00:00 0
b8dcd000-b9502000 rw-p 00000000 00:00 0 [heap]
bfada000-bfafb000 rw-p 00000000 00:00 0 [stack]
Aborted
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14803#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list