[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #15901 [Tor]: apparent memory corruption from control channel request processing -- very difficult to isolate

Subject: Re: [tor-bugs] #15901 [Tor]: apparent memory corruption from control channel request processing -- very difficult to isolate
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 04 May 2015 14:51:22 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 04 May 2015 10:51:32 -0400
In-reply-to: <049.41716a4b6c86c2bb02d6cc277c6cbc47@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.41716a4b6c86c2bb02d6cc277c6cbc47@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#15901: apparent memory corruption from control channel request processing -- very
difficult to isolate
---------------------------+--------------------------------
     Reporter:  starlight  |      Owner:
         Type:  defect     |     Status:  new
     Priority:  critical   |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor        |    Version:  Tor: 0.2.5.12
   Resolution:             |   Keywords:
Actual Points:             |  Parent ID:
       Points:             |
---------------------------+--------------------------------

Comment (by starlight):

 Uploaded unparsable-desc from first occurrence.

 I suspect the only useful information may be the
 number of entries as the contents look perfectly
 ok.  The bug seems to be about corrupting the
 openssl objects employed in verifying the
 descriptors rather then the descriptors
 themselves.

 Will prepare a package of the core and the system
 files that can be used with gdb's "set sysroot"
 command for a fully examinable core.  Want to
 share that privately so contact me at

    starlight dot YYYYqQ at binnacle dot cx

 where YYYY is the year and Q is the quarter
 (1-4) and I'll provide a link where it can
 be downloaded.

 But be aware that the core is mainly providing
 "effect" rather than "cause" unless it's
 examined by someone intimate with the code
 and who gets luckly and sees something they
 recognized and that leads to the code illegally
 overwriting memory.  This is why I have not
 dug into it.

 The stack trace is apparent with 'gdb's
 'where' command, but says nothing of value
 as I manually killed the relay process with
 "pkill -SEGV tor" after the corruption
 occurred--the trace is of the signal
 termination handler.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15901#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #15901 [Tor]: apparent memory corruption from control channel request processing -- very difficult to isolate
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #15856 [Trac]: Please make jsha default owner for HTTPS Everywhere components
Next by Author: [tor-bugs] #15919 [Tor]: How to set up obfsproxy between client and server using tor
Previous by thread: Re: [tor-bugs] #15901 [Tor]: apparent memory corruption from control channel request processing -- very difficult to isolate
Next by thread: Re: [tor-bugs] #15901 [Tor]: apparent memory corruption from control channel request processing -- very difficult to isolate
Index(es):
- Author
- Thread