[tor-bugs] #15901 [Tor]: apparent memory corruption from control channel request processing -- very difficult to isolate
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 4 15:29:34 UTC 2015
#15901: apparent memory corruption from control channel request processing -- very
difficult to isolate
---------------------------+--------------------------------
Reporter: starlight | Owner:
Type: defect | Status: new
Priority: critical | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.5.12
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
---------------------------+--------------------------------
Comment (by starlight):
Should have included these earlier:
The two scripts I run by hand that
appear to trigger the bug:
{{{
nc [scrubbed] 9151 <<EOF
AUTHENTICATE "[scrubbed]"
GETCONF RelayBandwidthRate
GETCONF RelayBandwidthBurst
getinfo ns/id/[scrubbed]
getinfo ns/name/[scurbbed]
QUIT
EOF
:
}}}
{{{
nc [scrubbed] 9151 <<EOF
AUTHENTICATE "[scurbbed]"
getinfo dir/server/authority
QUIT
EOF
:
}}}
The bug seems to show up on the first consensus
download after the above are run manually in
close succession, somewhere between 24 and
48 hours after restarting the relay.
I must also admit that the system where the problem
occurs is non-ECC, so a remote possibility exists
that the cause is some type of physical memory
corruption. However I believe this is unlikely
as the behavior of this issue is highly specific
and somewhat reproducible. If the system were
experiencing random memory corruption one would
expect to see additional failures. The box is
a low-end business-grade Dell with an AMD CPU
and I've never had a Dell that was anything but
rock solid reliable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15901#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list