[tor-bugs] #32604 [Core Tor/Tor]: Add HiddenServiceExportRendPoint and HiddenServiceExportInstanceID directive

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 4 17:27:11 UTC 2019


#32604: Add HiddenServiceExportRendPoint and HiddenServiceExportInstanceID
directive
-----------------------------------------+---------------------------------
 Reporter:  moonsikpark                  |          Owner:  (none)
     Type:  enhancement                  |         Status:  needs_revision
 Priority:  Medium                       |      Milestone:  Tor:
                                         |  0.4.3.x-final
Component:  Core Tor/Tor                 |        Version:
 Severity:  Normal                       |     Resolution:
 Keywords:  tor-hs tor-dos extra-review  |  Actual Points:
Parent ID:  #32511                       |         Points:
 Reviewer:  dgoulet, ahf, teor           |        Sponsor:  Sponsor27-can
-----------------------------------------+---------------------------------

Comment (by teor):

 On macOS, I see:
 {{{
 hs_service/export_client_circuit_id: [forking]
 =================================================================
 ==36432==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e000107338 at pc 0x000100781651 bp 0x7ffeef985f60 sp 0x7ffeef985f58
 READ of size 8 at 0x60e000107338 thread T0
     #0 0x100781650 in extend_info_free_ circuitbuild.c:2798
     #1 0x10078c55e in circuit_free_ circuitlist.c:1159
     #2 0x1004fd8e5 in test_export_client_circuit_id test_hs_service.c:2288
     #3 0x1006f39b3 in testcase_run_one tinytest.c:107
     #4 0x1006f4282 in tinytest_main tinytest.c:454
     #5 0x1006f1ec7 in main testing_common.c:350
     #6 0x7fff7964e3d4 in start (libdyld.dylib:x86_64+0x163d4)

 0x60e000107338 is located 120 bytes inside of 160-byte region [0x60e0001072c0,0x60e000107360)
 freed by thread T0 here:
     #0 0x101d53bad in wrap_free (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5ebad)
     #1 0x1004fd8bb in test_export_client_circuit_id test_hs_service.c:2286
     #2 0x1006f39b3 in testcase_run_one tinytest.c:107
     #3 0x1006f4282 in tinytest_main tinytest.c:454
     #4 0x1006f1ec7 in main testing_common.c:350
     #5 0x7fff7964e3d4 in start (libdyld.dylib:x86_64+0x163d4)

 previously allocated by thread T0 here:
     #0 0x101d539f3 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5e9f3)
     #1 0x100ad6bef in tor_malloc_zero_ malloc.c:45
     #2 0x100782e3d in extend_info_new circuitbuild.c:2690
     #3 0x1004fe98c in test_export_client_circuit_id test_hs_service.c:2272
     #4 0x1006f39b3 in testcase_run_one tinytest.c:107
     #5 0x1006f4282 in tinytest_main tinytest.c:454
     #6 0x1006f1ec7 in main testing_common.c:350
     #7 0x7fff7964e3d4 in start (libdyld.dylib:x86_64+0x163d4)
 }}}
 https://travis-ci.org/torproject/tor/jobs/620648132?utm_medium=notification&utm_source=github_status

 It looks like you're freeing something twice; these logs have the line
 numbers. I'll have a look tomorrow when I'm at my computer.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32604#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
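
The teardown pattern the AddressSanitizer trace above points to (an object released directly by the test, then reached again through the circuit that still holds it), as an added example that is not part of the ticket comment or Tor's code. The types and function names are hypothetical, and a static pool stands in for the heap so the stale access is defined behaviour and can be counted.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins, not Tor's types. */
typedef struct { int live; } ext_info;
typedef struct { ext_info *info; } circ;

static ext_info pool[4];
static int stale_accesses;   /* what ASan would flag as heap-use-after-free */

static ext_info *ext_info_new(void) {
  for (size_t i = 0; i < sizeof(pool) / sizeof(pool[0]); i++)
    if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
  return NULL;
}

static void ext_info_free(ext_info *ei) {
  if (!ei) return;
  if (!ei->live) { stale_accesses++; return; }  /* slot already released */
  ei->live = 0;
}

/* The owner releases whatever it still points at. */
static void circ_free(circ *c) {
  ext_info_free(c->info);
  c->info = NULL;
}

/* Shape of the failing teardown: the info is attached to the circuit,
 * released directly by the test, then released again via the circuit. */
int run_buggy_teardown(void) {
  stale_accesses = 0;
  circ c = { ext_info_new() };
  ext_info_free(c.info);  /* test releases it; c.info is now dangling */
  circ_free(&c);          /* owner touches the released object */
  return stale_accesses;
}

/* One possible repair (an assumption): the circuit owns the info,
 * so the test frees only the circuit. */
int run_fixed_teardown(void) {
  stale_accesses = 0;
  circ c = { ext_info_new() };
  circ_free(&c);
  return stale_accesses;
}

int main(void) {
  printf("buggy stale accesses: %d\n", run_buggy_teardown());
  printf("fixed stale accesses: %d\n", run_fixed_teardown());
  return 0;
}
```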

