Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#17173 closed defect (fixed)

Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 49 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)

Reported by: fk Owned by:
Priority: Medium Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor Version: Tor: 0.2.7.3-rc
Severity: Normal Keywords: regression
Cc: teor, rl1987 Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

After upgrading from 0.2.7.2-alpha to 0.2.7.3-rc, I'm getting lots of these messages on clients, relays and hidden services (I haven't updated any bridges, yet):

Sep 27 16:48:07.251 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 49 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)
Sep 27 16:48:07.251 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 49 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)
Sep 27 16:48:07.310 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 49 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)
Sep 27 16:48:07.672 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 49 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)
Sep 27 16:48:07.685 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 49 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)
Sep 27 16:48:07.685 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 49 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)
Sep 27 16:48:57.246 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 49 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)
Sep 27 16:49:08.250 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 49 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)
Sep 27 16:49:58.248 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 49 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)
Sep 27 16:50:09.250 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 49 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)

The systems appear to be functional.

I'm not sure if it matters, but the Tor processes are running in ElectroBSD jails (which are basically FreeBSD jails with a different uname) and bind to the jail's local address (usually 127.0.1.x). pf is used to forward the advertised port and to NAT the Tor traffic.

I haven't had time to investigate this yet, but intend to do it in the next days.

Child Tickets

Attachments (1)

0001-get_interface_address6_list-Bring-back-a-return-code.patch (1.8 KB) - added by fk 4 years ago.
Potential fix

Download all attachments as: .zip

Change History (13)

comment:1 Changed 4 years ago by nickm

Milestone: Tor: 0.2.7.x-final

comment:2 Changed 4 years ago by fk

I suspect that this is related to 098b82c7b which removed an addrs check around "SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a)" in get_interface_address6().

Address family type 49 is reserved for vendors (AF_VENDOR05) and thus unlikely to be correct.

comment:3 Changed 4 years ago by fk

That suspicion didn't pan out. I'm now suspecting 31eb486c46 which seems let Tor assume that get_interface_address6_via_udp_socket_hack() always succeeds.

Increasing the debug level showed that it fails before the bug message is triggered (line number changed due to a local debug patch):

Sep 28 17:26:52.988 [info] {NET} int get_interface_address6_via_udp_socket_hack(int, sa_family_t, tor_addr_t *): Address that we determined via UDP socket magic is unsuitable for public comms.
Sep 28 17:26:52.988 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1651 with a non-IP address of type 49 (on Tor
 0.2.7.3-rc 9a4cac74fd2f4bb3)
Sep 28 17:26:52.989 [info] {NET} int get_interface_address6_via_udp_socket_hack(int, sa_family_t, tor_addr_t *): Address that we determined via UDP socket magic is unsuitable for public comms.
Sep 28 17:26:52.989 [warn] {BUG} int tor_addr_is_internal_(const tor_addr_t *, int, const char *, int): Bug: tor_addr_is_internal() called from src/common/address.c:1651 with a non-IP address of type 49 (on Tor

I probably won't be able to test this theory until tomorrow.

comment:4 Changed 4 years ago by nickm

Cc: teor rl1987 added

Adding Teor and rl1987, since they and I have touched some of this code recently.

comment:5 Changed 4 years ago by fk

As it turned out the problem is related to both commits.

The attached patch appears to fix this. It hasn't been properly tested yet, but I intend to look into this tomorrow.

comment:6 Changed 4 years ago by teor

Thanks for the patch, and for diagnosing this issue.

get_interface_address6_list returns an empty smartlist when there are no suitable interface addresses, so the return NULL; should instead be return smartlist_new();

comment:7 Changed 4 years ago by Sebastian

Can we also get a unit test for this?

comment:8 Changed 4 years ago by teor

fk:
Also, the patch lines if (addrs == NULL) return -1; aren't needed, as the existing code does that anyway for empty lists.

Sebastian:
We can update the existing unit tests to test for total failure to find any addresses.

comment:9 Changed 4 years ago by teor

Status: newneeds_review

Please see my branch bug17173-socket-hack-rv on https://github.com/teor2345/tor.git

Commits:

  • fv's patch (modified): check socket hack return value
  • unit tests and additional checks:
    • unit test failure modes for get_interface_address*
    • ensure the get_interface_address* functions either return a valid address, or zero the memory associated with the address pointer
    • ensure free_interface_address6_list handles NULL list pointers correctly

comment:10 Changed 4 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Cherry-picked to maint-0.2.7! Thank you!

(Please make future 0.2.7 fix branches against the maint-0.2.7 upstream branch; that will make them easier to merge.)

comment:11 Changed 4 years ago by toralf

I do assume, that 0.2.7.3-rc 9a4cac74fd2f4bb3 does not contains this fix yet ?

Oct 12 15:42:17.000 [warn] tor_addr_is_internal_(): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 11829 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)

Just FWIW this is a stable 64 bit Gentoo with a hardened kernel 4.2.3.

Last edited 4 years ago by toralf (previous) (diff)

comment:12 in reply to:  11 Changed 4 years ago by teor

Severity: Normal

Replying to toralf:

I do assume, that 0.2.7.3-rc 9a4cac74fd2f4bb3 does not contains this fix yet ?

Oct 12 15:42:17.000 [warn] tor_addr_is_internal_(): Bug: tor_addr_is_internal() called from src/common/address.c:1646 with a non-IP address of type 11829 (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)

Just FWIW this is a stable 64 bit Gentoo with a hardened kernel 4.2.3.

As far as I can tell, it was merged to maint-0.2.7, which was created after the 0.2.7-rc release.

Note: See TracTickets for help on using tickets.