[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] URGENT: active OpenSSL "Heartbleed" attack on Tor Nodes



Have been running Tor relay with
AddressSanitizer and it crashed this
morning.  I thought it was related to
the system being close to running out of
free memory until I read about the new
OpenSSL vulnerability.

Anyone running a Tor relay with OpenSSL
1.0.1 should update the library or
rebuild against an older version
immediately!!!!
=================================================================
==18238== ERROR: AddressSanitizer: unknown-crash on address 0x????017???0b at pc 0x????8e4???47 bp 0x????be7???f0 sp 0x????be7???b0
READ of size 65535 at 0x?????017???0b thread T0
    #0 0x????8e4???46 (/usr/local/lib64/libasan.so.0.0.0+0x???6)
    #1 0x????8db???e6 (/usr/local/lib64/libssl.so.1.0.0+0x???e6)
    #2 0x????8db???4e (/usr/local/lib64/libssl.so.1.0.0+0x???4e)
    #3 0x????8db???1a (/usr/local/lib64/libssl.so.1.0.0+0x???1a)
    #4 0x????8db???b7 (/usr/local/lib64/libssl.so.1.0.0+0x???b7)
    #5 0x????8db???c7 (/usr/local/lib64/libssl.so.1.0.0+0x???c7)
    #6 0x????918???8b (/usr/local/bin/tor-sanitize-0.2.4.18-rc+0x???58b)
    #7 0x????918???9b (/usr/local/bin/tor-sanitize-0.2.4.18-rc+0x???89b)
    #8 0x????917???5c (/usr/local/bin/tor-sanitize-0.2.4.18-rc+0x???65c)
    #9 0x????916???0c (/usr/local/bin/tor-sanitize-0.2.4.18-rc+0x???0c)
    #10 0x????8dd???53 (/usr/local/lib64/libevent-2.0.so.5.1.9+0x???53)
    #11 0x????916???1d (/usr/local/bin/tor-sanitize-0.2.4.18-rc+0x???1d)
    #12 0x????916???88 (/usr/local/bin/tor-sanitize-0.2.4.18-rc+0x???88)
    #13 0x????916???0b (/usr/local/bin/tor-sanitize-0.2.4.18-rc+0x???0b)
    #14 0x????8cf???29 (/lib64/libc-2.8.so+0x???9)
    #15 0x????916???d8 (/usr/local/bin/tor-sanitize-0.2.4.18-rc+0x???d8)
0x????017???48 is located 0 bytes to the right of 17736-byte region [0x????017???00,0x????017???48)
allocated by thread T0 here:
    #0 0x????8e4???7a (/usr/local/lib64/libasan.so.0.0.0+0x???7a)
    #1 0x????8d7???32 (/usr/local/lib64/libcrypto.so.1.0.0+0x???32)
Shadow bytes around the buggy address:
  0x????c02???f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x????c02???00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x????c02???10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x????c02???20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x????c02???30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x????c02???40: 00[00]00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x????c02???50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x????c02???60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x????c02???70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x????c02???80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x????c02???90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==18238== ABORTING
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays