Opened 3 years ago

Closed 3 years ago

#19466 closed defect (fixed)

Memory leak while parsing a crafted torrc

Reported by: asarubbo Owned by: nickm
Priority: Medium Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: memory-leak, bug TorCoreTeam201608 review-group-7
Cc: Actual Points: .3
Parent ID: Points: .2
Reviewer: dgoulet Sponsor:

Description

There is a memory leak while tor parses a crafted config.

~ # tor --verify-config -f $CRAFTED_TORRC
Jun 20 15:59:36.509 [notice] Tor v0.2.7.6 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2h and Zlib 1.2.8.
Jun 20 15:59:36.531 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 20 15:59:36.531 [notice] Read configuration file "/tmp/afl/out/AFL0/crashes/id:000041,sig:06,src:000000,op:havoc,rep:32".
Jun 20 15:59:36.553 [warn] The abbreviation 'no' is deprecated. Please use 'NodeFamily' instead
Jun 20 15:59:36.571 [warn] Entry 'kltorpc ' in NodeFamily is malformed. Discarding entire list.
Jun 20 15:59:36.572 [warn] Entry 'kltorpc ' in NodeFamily is malformed. Discarding entire list.
Jun 20 15:59:36.572 [err] Reading config failed--see warnings above.

=================================================================
==28441==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:

#0 0x4eb568 in malloc (/usr/bin/tor+0x4eb568)
#1 0x9fbc6b in tor_malloc_ /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/common/util.c:171:12
#2 0x9c7b82 in smartlist_new /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/common/container.c:34:21
#3 0x7e73fe in options_init_from_string /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/or/config.c:4720:7
#4 0x7e4f09 in options_init_from_torrc /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/or/config.c:4524:12
#5 0x52cf11 in tor_init /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/or/main.c:2709:7
#6 0x52e2a6 in tor_main /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/or/main.c:3271:7
#7 0x51c51d in main /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/or/tor_main.c:30:11
#8 0x444018 in _start (/usr/bin/tor+0x444018)

Indirect leak of 128 byte(s) in 1 object(s) allocated from:

#0 0x4eb568 in malloc (/usr/bin/tor+0x4eb568)
#1 0x9fbc6b in tor_malloc_ /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/common/util.c:171:12
#2 0x9fc050 in tor_malloc_zero_ /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/common/util.c:197:18
#3 0x9fc050 in tor_calloc_ /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/common/util.c:235
#4 0x9c7c0d in smartlist_new /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/common/container.c:37:14
#5 0x7e73fe in options_init_from_string /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/or/config.c:4720:7
#6 0x7e4f09 in options_init_from_torrc /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/or/config.c:4524:12
#7 0x52cf11 in tor_init /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/or/main.c:2709:7
#8 0x52e2a6 in tor_main /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/or/main.c:3271:7
#9 0x51c51d in main /tmp/portage/net-misc/tor-0.2.7.6/work/tor-0.2.7.6/src/or/tor_main.c:30:11
#10 0x444018 in _start (/usr/bin/tor+0x444018)

SUMMARY: AddressSanitizer: 144 byte(s) leaked in 2 allocation(s).

Child Tickets

Attachments (1)

torrc.example (58 bytes) - added by asarubbo 3 years ago.
crafted torrc

Download all attachments as: .zip

Change History (7)

Changed 3 years ago by asarubbo

Attachment: torrc.example added

crafted torrc

comment:1 Changed 3 years ago by cypherpunks

Component: - Select a componentCore Tor/Tor

comment:2 Changed 3 years ago by nickm

Keywords: memory-leak bug added
Milestone: Tor: 0.2.9.x-final
Points: .2

We should always fix memory leaks; putting this in 0.2.9.x-final.

comment:3 Changed 3 years ago by nickm

Owner: set to nickm
Status: newaccepted

comment:4 Changed 3 years ago by nickm

Actual Points: .3
Keywords: TorCoreTeam201608 review-group-7 added
Status: acceptedneeds_review

Okay. This was tricky to diagnose but simple to fix. Please review branch bug19466 in my public repository.

comment:5 Changed 3 years ago by dgoulet

Reviewer: dgoulet
Status: needs_reviewmerge_ready

lgtm!

Actual-review-points: 0.1

comment:6 Changed 3 years ago by nickm

Resolution: fixed
Status: merge_readyclosed

Merged!

Note: See TracTickets for help on using tickets.