Opened 4 years ago

Closed 2 years ago

#18656 closed defect (duplicate)

Relay publishing malformed 'dirreq-v3-reqs' line

Reported by: atagar Owned by: andrea
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: 0.2.7.6
Severity: Normal Keywords: memory-corruption
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Starting fourteen hours ago relay C871C91489886D5E2E94C13EA1A5FDC4B6DC5204 started publishing an extrainfo descriptor that has non-ascii content on its dirreq-v3-reqs line. This causes Stem (and possibly MetricsLib) to choke, and should be getting rejected by the DirAuths.

This descriptor can presently be fetched with...

% curl http://193.23.244.244:80/tor/extra/fp/C871C91489886D5E2E94C13EA1A5FDC4B6DC5204

See attached for a copy.

Child Tickets

Attachments (1)

extrainfo_C871C91489886D5E2E94C13EA1A5FDC4B6DC5204 (1.8 KB) - added by atagar 4 years ago.
Extrainfo descriptor

Download all attachments as: .zip

Change History (17)

Changed 4 years ago by atagar

Extrainfo descriptor

comment:1 Changed 4 years ago by dcf

In addition to the non-ASCII country labels, the counts are nonsensical:

dirreq-v3-reqs Sÿ=4026597208,Sÿ=4026597208,Sÿ=4026597208,Sÿ=4026597208,Sÿ=4026597208,Sÿ=4026597208,¥þ=4026591624,6=4026537520,6=4026537520,6=4026537520,us=8
4026597208 = 0xf000ff58
4026591624 = 0xf000e988
4026537520 = 0xf0001630

The label Sÿ is probably 0xff53, ¥þ is probably 0xfea5, and 6 is probably 0x0036.

comment:2 Changed 4 years ago by atagar

This was causing one of DocTor's checks to have issues so gave karsten a head's up too. Stem now has better validation for non-ascii content.

comment:3 Changed 4 years ago by nickm

Very odd. Is it running an unusual version of Tor or something?

comment:4 Changed 4 years ago by atagar

Matthew reached out to the relay operator and he says nay. I'm a little more suspicious of a corrupted geoip db since this is mangling the country codes, but just a guess.

comment:5 Changed 4 years ago by teor

If it's mangling the counts as well, it could be in-memory data structure corruption.

comment:6 Changed 4 years ago by atagar

newton (the relay publishing these extrainfo descriptors) is back in the consensus. You can currently run the aforementioned curl command to see it.

Very odd. Is it running an unusual version of Tor or something?

According to Atlas it's running Tor 0.2.7.6 on Linux.

comment:7 Changed 4 years ago by teor

Keywords: 029-proposed memory-corruption TorCoreTeam201605 added
Milestone: Tor: 0.2.???
Version: Tor: 0.2.7.6

There seem to be two issues here:

  • the relay consistently produces non-ascii extrainfo content, and
  • the authorities accept non-ascii extrainfo descriptors.

I've split the validation issue into #18938 - Authorities should reject non-ASCII content in ExtraInfo descriptors.

Let's try to track down the data structure corruption in this task.

comment:8 Changed 4 years ago by nickm

Keywords: 029-nickm-unsure added

Marking these tickets as the ones I think I need more feedback about in order to figure out if I think it should go in 0.2.9.

comment:9 Changed 4 years ago by andrea

Owner: set to andrea
Status: newassigned

comment:10 Changed 4 years ago by nickm

Keywords: 029-proposed removed
Status: assignedneeds_information

Yanking this out of 029-proposed. I think #18938 is worth thinking about, but tracking down the corruption here will be needs_information for now.

comment:11 Changed 3 years ago by nickm

Keywords: TorCoreTeam201605 removed

Remove "TorCoreTeam201605" keyword. The time machine is broken.

comment:12 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:13 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:14 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:15 Changed 2 years ago by nickm

Keywords: 029-nickm-unsure removed

comment:16 Changed 2 years ago by nickm

Resolution: duplicate
Status: needs_informationclosed

This seems to be a duplicate of #16858; and also likely to be fixed in #22490.

Note: See TracTickets for help on using tickets.