replicable server crash by control message on win2k
I found this while trying to implement the password authentication of the tor control protocol. On Windows 2000 Professional, tor 0.1.0.8-rc, the server can be replicably crashed by the following procedure:
- set a HashedControlPassword in the torrc
- start tor
- open a local tcp connection to the ControlPort
- send a byte sequence like 00 04 00 07 49 50 51 00 (4 bytes length, message type AUTHENTICATE, any password [in this case "123"], null terminator)
On my machine, the server crashes immediately. Example log:
Jun 04 21:54:35.046 [notice] Tor v0.1.0.8-rc. This is experimental software. Do not rely on it for strong anonymity. Jun 04 21:54:35.109 [notice] Initialized libevent version 1.1 using method win32 Jun 04 21:54:48.437 [err] crypto_seed_rng(): Can't get CryptoAPI provider [2], error code: 8009000f Jun 04 21:54:50.625 [notice] router_orport_found_reachable(): Your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Jun 04 21:54:50.765 [notice] Tor has successfully opened a circuit. Looks like it's working. Jun 04 21:54:51.406 [notice] directory_handle_command_get(): Client asked for the mirrored directory, but we don't have a good one yet. Sending 503 Dir not available. Jun 04 21:55:01.703 [err] _tor_malloc(): Out of memory. Dying.
At the time of testing, the machine had >200 MB of physical RAM available, so it's not an actual memory shortage.
Some lines of my torrc:
ControlPort 9696 ClientOnly 1 HashedControlPassword oGd9L4OZ3aBgsMS4044OjH1UDd0tYfh3E1RZZcY= #CookieAuthentication 1
The rest are just standard settings.
[Automatically added by flyspray2trac: Operating System: Windows 2k/XP]
Trac:
Username: rm