[tor-bugs] #22679 [Core Tor/Stem]: Tor and stem library : non consistent error message with wrong password

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 20 23:20:56 UTC 2017


#22679: Tor and stem library : non consistent error message with wrong password
---------------------------+------------------------
 Reporter:  daftaupe       |          Owner:  atagar
     Type:  defect         |         Status:  new
 Priority:  Medium         |      Milestone:
Component:  Core Tor/Stem  |        Version:
 Severity:  Normal         |     Resolution:
 Keywords:                 |  Actual Points:
Parent ID:                 |         Points:
 Reviewer:                 |        Sponsor:
---------------------------+------------------------

Comment (by cacahuatl):

 From my poking at this, there seems to be some racey code in the handling
 of the control socket connection.

 For example stem is sending a `SETEVENTS` command straight after
 `AUTHENTICATE` without waiting for `AUTHENTICATE` to return a success or
 fail (it of course fails with the wrong password), then Tor kills the
 control connection, as per the spec, and stem seems to try and use the
 closed socket again if it's unlucky on timing.

 I was able to reproduce some of the results from their code but only when
 running on a less powerful CPU, with a more powerful one I got a 100%
 success rate.

 I also found that running `authenticate()` in a tight loop can actually
 entirely lock up the python process. (`stem-1.5.4` with both Tor
 `0.2.9.11` and `0.3.0.8`).

 e.g.

 {{{
 #!/usr/bin/env python2
 from stem.control import Controller
 controller = Controller.from_port()
 for i in range(0,1000):
         try:
                 controller.authenticate(password = "wrong")
         except Exception as e:
                 print "%s" % e
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22679#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list