#22679 closed defect (fixed)

Tor and stem library : non consistent error message with wrong password

Reported by: daftaupe Owned by: atagar
Priority: Medium Milestone:
Component: Core Tor/Stem Version:
Severity: Normal Keywords:
Cc: arma Actual Points:
Parent ID: Points:
Reviewer: Sponsor:



I'm writing a little program trying to connect to Tor (v0.2.9.10) using the stem library (v1.5.4).

The problem is that when I'm trying to use a wrong password on purpose I don't get a consistent return. I'm joining both the script I'm using and the log that I'm getting when starting the script.

I start to believe there's a bug somewhere as the code can't really much simpler.

I've taken inspiration from this page : https://stem.torproject.org/api/control.html.

Child Tickets

Attachments (2)

wrong_pass_auth.py (730 bytes) - added by daftaupe 22 months ago.
log (933 bytes) - added by daftaupe 22 months ago.

Download all attachments as: .zip

Change History (7)

Changed 22 months ago by daftaupe

Attachment: wrong_pass_auth.py added

Changed 22 months ago by daftaupe

Attachment: log added

comment:1 Changed 22 months ago by arma

Cc: arma added

comment:2 Changed 22 months ago by atagar

Interesting find, thanks for reporting this! Repros for me just fine. Fiddled with telnet but tor's behaving itself so certainly looks to be a stem issue. I'll dig into this more tomorrow.

comment:3 Changed 22 months ago by cacahuatl

From my poking at this, there seems to be some racey code in the handling of the control socket connection.

For example stem is sending a SETEVENTS command straight after AUTHENTICATE without waiting for AUTHENTICATE to return a success or fail (it of course fails with the wrong password), then Tor kills the control connection, as per the spec, and stem seems to try and use the closed socket again if it's unlucky on timing.

I was able to reproduce some of the results from their code but only when running on a less powerful CPU, with a more powerful one I got a 100% success rate.

I also found that running authenticate() in a tight loop can actually entirely lock up the python process. (stem-1.5.4 with both Tor and


#!/usr/bin/env python2
from stem.control import Controller
controller = Controller.from_port()
for i in range(0,1000):
		controller.authenticate(password = "wrong")
	except Exception as e:
		print "%s" % e

comment:4 Changed 22 months ago by daftaupe

Actually when I get some [Errno 104] Connection reset by peer, sometimes my terminal is sort of locked also if that might help.

And if I might add, I think the problem is also present when using Controller.from_socket_file

comment:5 Changed 22 months ago by atagar

Resolution: fixed
Status: newclosed

That was an interesting one. Turns out there were two issues here...

  • I was improperly performing post-authentication activities when auth fails. These follow-up requests caused the socket failures you were seeing. Fixed.
  • When closing the socket we called 'QUIT'. When unauthenticated tor sometimes responded with 'closing connection' but other times would just hang. Stem now skips calling QUIT if not yet authenticated, and reached out to Nick to see if this is something we'd care to fix in tor.

Fixed pushed on...


Thanks for reporting this! Feel free to reopen if you run into any further issues.

Note: See TracTickets for help on using tickets.