[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #23372 [Core Tor/Tor]: test: stack-use-after-scope in hs_service/build_update_descriptors

To: undisclosed-recipients: ;
Subject: [tor-bugs] #23372 [Core Tor/Tor]: test: stack-use-after-scope in hs_service/build_update_descriptors
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 31 Aug 2017 12:33:05 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 31 Aug 2017 08:33:14 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#23372: test: stack-use-after-scope in hs_service/build_update_descriptors
------------------------------+--------------------------------
     Reporter:  dgoulet       |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.3.2.x-final
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  tor-test, tor-hs
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------------
 Here is the libasan stacktrace:
 {{{
 ==32333==ERROR: AddressSanitizer: stack-use-after-scope on address
 0x7ffd2c537fe8 at pc 0x55a25e624399 bp 0x7ffd2c537920 sp 0x7ffd2c537910
 READ of size 1 at 0x7ffd2c537fe8 thread T0
     #0 0x55a25e624398 in node_allows_single_hop_exits
 src/or/nodelist.c:984
     #1 0x55a25e708afb in router_choose_random_node
 src/or/routerlist.c:2815
     #2 0x55a25e5c2493 in pick_intro_point src/or/hs_service.c:1406
     #3 0x55a25e5c2493 in pick_needed_intro_points src/or/hs_service.c:1498
     #4 0x55a25e5c2493 in update_service_descriptor
 src/or/hs_service.c:1589
     #5 0x55a25e5c2493 in update_all_descriptors src/or/hs_service.c:1622
     #6 0x55a25e1337c6 in test_build_update_descriptors
 src/test/test_hs_service.c:1140
     #7 0x55a25e31f01a in testcase_run_bare_ src/ext/tinytest.c:106
     #8 0x55a25e31f989 in testcase_run_forked_ src/ext/tinytest.c:190
     #9 0x55a25e31f989 in testcase_run_one src/ext/tinytest.c:248
     #10 0x55a25e321013 in tinytest_main src/ext/tinytest.c:435
     #11 0x55a25dee3200 in main src/test/testing_common.c:319
     #12 0x7f11c6e08420 in __libc_start_main (/lib/x86_64-linux-
 gnu/libc.so.6+0x20420)
     #13 0x55a25dee5ee9 in _start (src/test/test+0x956ee9)
 }}}

 The issue seems to be that we use `routerinfo_t ri;` on the stack and then
 assign it to a `node_t` with `nodelist_set_routerinfo(&ri, NULL)`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23372>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #22348 [Core Tor/Tor]: 16 relays have mismatched rsa/ed keys currently
Next by Author: [tor-bugs] #23377 [Webpages/Webtools]: Some reorg suggestion for media.tpo
Previous by thread: Re: [tor-bugs] #16755 [Obfuscation/Pluggable transport]: Design a version 2 Pluggable Transport spec.
Next by thread: Re: [tor-bugs] #14923 [Applications/Tor Launcher]: Tor Launcher should have accessibility support.
Index(es):
- Author
- Thread