[tor-bugs] #5102 [Tor Bridge]: segfault in entry_guard_register_connect_status on tor bridge running obfsproxy on openbsd

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sun Feb 12 14:03:39 UTC 2012


#5102: segfault in entry_guard_register_connect_status on tor bridge running
obfsproxy on openbsd
-----------------------------+----------------------------------------------
 Reporter:  therealditzydoo  |          Owner:                     
     Type:  defect           |         Status:  new                
 Priority:  normal           |      Milestone:                     
Component:  Tor Bridge       |        Version:  Tor: 0.2.3.11-alpha
 Keywords:                   |         Parent:                     
   Points:                   |   Actualpoints:                     
-----------------------------+----------------------------------------------
 I am running a tor bridge on openbsd (uname -a output is OpenBSD
 [REDACTED] 5.1 GENERIC.MP#2 i386). It is statically linked and runs in a
 chroot. Here's the output when it's started not in the chroot:

 {{{
 Feb 12 05:53:04.331 [notice] Tor v0.2.3.11-alpha running on OpenBSD i386.
 Feb 12 05:53:04.331 [notice] Tor can't help you if you use it wrong! Learn
 how to be safe at https://www.torproject.org/download/download#warning
 Feb 12 05:53:04.331 [notice] This version is not a stable Tor release.
 Expect more bugs than usual.
 Feb 12 05:53:04.347 [notice] Configuration file "/usr/local/etc/tor/torrc"
 not present, using reasonable defaults.
 Feb 12 05:53:04.349 [warn] It's a little hard to tell, but you seem to
 have Libevent 1.4.0-beta header files, whereas you have linked against
 Libevent 1.4.14b-stable.  This will probably make Tor crash.
 Feb 12 05:53:04.349 [notice] Initialized libevent version 1.4.14b-stable
 using method kqueue. Good.
 Feb 12 05:53:04.349 [notice] Opening Socks listener on 127.0.0.1:9050
 Feb 12 05:53:04.000 [notice] Parsing GEOIP file
 /usr/local/share/tor/geoip.
 Feb 12 05:53:04.000 [notice] No AES engine found; using AES_* functions.
 Feb 12 05:53:04.000 [notice] This OpenSSL has a good implementation of
 counter mode; using it.
 Feb 12 05:53:04.000 [notice] OpenSSL OpenSSL 1.0.0f 4 Jan 2012 looks like
 version 0.9.8m or later; I will try SSL_OP to enable renegotiation
 Feb 12 05:53:04.000 [notice] Reloaded microdescriptor cache.  Found 3404
 descriptors.
 Feb 12 05:53:05.000 [notice] We now have enough directory information to
 build circuits.
 Feb 12 05:53:05.000 [notice] Bootstrapped 80%: Connecting to the Tor
 network.
 Feb 12 05:53:06.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 2
 circuits open. I've sent 0 kB and received 0 kB.
 Feb 12 05:53:06.000 [notice] Bootstrapped 85%: Finishing handshake with
 first hop.
 Feb 12 05:53:07.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
 Feb 12 05:53:09.000 [notice] Tor has successfully opened a circuit. Looks
 like client functionality is working.
 Feb 12 05:53:09.000 [notice] Bootstrapped 100%: Done.
 ^CFeb 12 05:56:54.000 [notice] Interrupt: exiting cleanly.
 }}}

 When run in the chroot (with chroot -u _tor -g _tor /home/chrooted/tor
 /bin/tor -f /etc/tor/torrc-relay), it runs for a bit, then crashes without
 leaving anything in the logfile. It dumps a core. Here's the output of bt
 from gdb:
 {{{
 > gdb mytor mycore
 GNU gdb 6.3
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you
 are
 welcome to change it and/or distribute copies of it under certain
 conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for
 details.
 This GDB was configured as "i386-unknown-openbsd5.0"...
 Core was generated by `tor'.
 Program terminated with signal 11, Segmentation fault.
 #0  0x1c07b57b in entry_guard_register_connect_status ()
 (gdb) bt
 #0  0x1c07b57b in entry_guard_register_connect_status ()
 #1  0x1c0ba387 in connection_or_set_state_open ()
 #2  0x1c08bea5 in command_process_netinfo_cell ()
 #3  0x1c08988d in command_process_cell ()
 #4  0x1c0baa51 in connection_or_process_cells_from_inbuf ()
 #5  0x1c0b7578 in connection_or_process_inbuf ()
 #6  0x1c0a91db in connection_process_inbuf ()
 #7  0x1c0a6e7a in connection_handle_read_impl ()
 #8  0x1c0a6f94 in connection_handle_read ()
 #9  0x1c001cb0 in conn_read_callback ()
 #10 0x1c137b35 in event_base_loop (base=0x83cda000, flags=0) at
 /usr/src/lib/libevent/event.c:402
 #11 0x1c0045e7 in do_main_loop ()
 #12 0x1c005cf7 in tor_main ()
 #13 0x1c000406 in main ()
 (gdb)
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5102>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

