Opened 13 years ago

Last modified 7 years ago

#424 closed defect (Fixed)

Seg fault on r10125 authority

Reported by: arma Owned by:
Priority: Low Milestone:
Component: Core Tor/Tor Version: 0.2.0.0-alpha-dev
Severity: Keywords:
Cc: arma, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

#0 0x0000002a95e93cf5 in strcasecmp () from /lib/libc.so.6
#1 0x000000000043a2b6 in dirserv_orconn_tls_done (

address=0x9f0a00 "66.23.214.241", or_port=443,
digest_rcvd=0x7fbffff4a0 "1ÛL\fÛZó@á L\033Q-ÁrE\207ÿ\a", as_advertised=1)
at dirserv.c:2023

#2 0x00000000004295c6 in connection_or_check_valid_handshake (conn=0x3f937e0,

started_here=1, digest_rcvd=0x7fbffff4a0 "1ÛL\fÛZó@á L\033Q-ÁrE\207ÿ\a")
at connection_or.c:683

#3 0x000000000042988c in connection_tls_finish_handshake (conn=0x3f937e0)

at connection_or.c:710

#4 0x00000000004202ce in connection_read_to_buf (conn=0x3f937e0,

max_to_read=0x7fbffff554) at connection.c:1649

#5 0x000000000041fc15 in connection_handle_read (conn=0x3f937e0)

at connection.c:1554

#6 0x00000000004412e3 in conn_read_callback (fd=10422784, event=0,

_conn=0x2a95f207a0) at main.c:482

#7 0x0000002a9578482d in event_base_priority_init ()

from /usr/lib/libevent-1.1a.so.1

#8 0x0000002a95784a72 in event_base_loop () from /usr/lib/libevent-1.1a.so.1
#9 0x0000002a957848e5 in event_loop () from /usr/lib/libevent-1.1a.so.1
#10 0x0000000000442be1 in do_main_loop () at main.c:1358
#11 0x00000000004438fa in tor_main (argc=10422784, argv=0x0) at main.c:2585
#12 0x0000002a95e31441 in libc_start_main () from /lib/libc.so.6

(gdb) up
#1 0x000000000043a2b6 in dirserv_orconn_tls_done (

address=0x9f0a00 "66.23.214.241", or_port=443,
digest_rcvd=0x7fbffff4a0 "1ÛL\fÛZó@á L\033Q-ÁrE\207ÿ\a", as_advertised=1)
at dirserv.c:2023

2023 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
(gdb) print address
$1 = 0x9f0a00 "66.23.214.241"
(gdb) print ri->address
$2 = 0x0
(gdb) print *ri
$3 = {cache_info = {signed_descriptor_body = 0x97332d0 "(",

signed_descriptor_len = 182905534440,
signed_descriptor_digest = "\026A&\002Tç^XØ%\n`\2074}\022ÓÖ*g",
identity_digest = "q®xoY@4,[§\227(þVõØsF7\005", published_on = 1178746494,
extra_info_digest = '\0' <repeats 19 times>,
saved_location = SAVED_IN_JOURNAL, saved_offset = 16290,
do_not_cache = 0}, address = 0x0, nickname = 0x0, addr = 200508994,

or_port = 9001, dir_port = 0, onion_pkey = 0x2cf56c0,
identity_pkey = 0x40faf90, platform = 0x0, bandwidthrate = 3145728,
bandwidthburst = 6291456, bandwidthcapacity = 0, exit_policy = 0x1938090,
uptime = 442, declared_family = 0x0, contact_info = 0x0, is_hibernating = 0,
has_old_dnsworkers = 0, caches_extra_info = 0, is_running = 0, is_valid = 1,
is_named = 0, is_fast = 0, is_stable = 0, is_possible_guard = 0,
is_exit = 0, is_bad_exit = 0, purpose = 0 '\0', last_reachable = 0,
testing_since = 0, num_unreachable_notifications = 240, routerlist_index = 0}

(gdb) up
#2 0x00000000004295c6 in connection_or_check_valid_handshake (conn=0x3f937e0,

started_here=1, digest_rcvd=0x7fbffff4a0 "1ÛL\fÛZó@á L\033Q-ÁrE\207ÿ\a")
at connection_or.c:683

683 dirserv_orconn_tls_done(conn->_base.address, conn->_base.port,
(gdb) print *conn
$4 = {_base = {magic = 2100428547, type = 4 '\004', state = 4 '\004',

purpose = 0 '\0', read_blocked_on_bw = 0, write_blocked_on_bw = 0,
hold_open_until_flushed = 0, inbuf_reached_eof = 0, edge_has_sent_end = 0,
edge_blocked_on_circ = 0, or_is_obsolete = 0, chosen_exit_optional = 0,
s = 1348, conn_array_index = 141, read_event = 0x7bc7260,
write_event = 0x65ded60, inbuf = 0x5861120, outbuf = 0x1e78920,
outbuf_flushlen = 0, timestamp_lastread = 1178746732,
timestamp_lastwritten = 1178746730, timestamp_created = 1178746730,
addr = 1108858609, port = 443, marked_for_close = 0,
marked_for_close_file = 0x0, address = 0x9f0a00 "66.23.214.241",
linked_conn = 0x0, linked = 0, reading_from_linked_conn = 0,
writing_to_linked_conn = 0, active_on_link = 0},

identity_digest = "1ÛL\fÛZó@á L\033Q-ÁrE\207ÿ\a",
nickname = 0x1d155c0 "madrigal", tls = 0x4acdb30, tls_error = 0,
client_used = 0 '\0', timestamp_lastempty = 1178746731,
bandwidthrate = 3145728, bandwidthburst = 6291456, read_bucket = 6291456,
n_circuits = 0, active_circuits = 0x0, next_with_same_id = 0x0,
circ_id_type = CIRC_ID_TYPE_HIGHER, next_circ_id = 20489}

The broken routerinfo_t had an uptime of 442. I found a descriptor that
matched that in cached-routers.new, which alas looks ordinary enough:

router rexy 11.243.134.66 9001 0 0
platform Tor 0.1.2.13 on Windows XP Service Pack 2 [workstation] {terminal servi
ces, single user}
published 2007-05-09 21:34:54
opt fingerprint 71AE 786F 5940 342C 5BA7 9728 FE56 F5D8 7346 3705
uptime 442
bandwidth 3145728 6291456 0
onion-key


MIGJAoGBAMCt5iI8puWc6NrsbYkrl2CeAfUV51HoXbyRnHbPSy0IGnZJdLJC0JNl
nI33sbBqUpLbqxYWUpoO61o1PVrtCQo8Q/mY26/c6+oQfWgjAhUGm4opkxf0TAr5
4rnMGBoBaW7mv27z/yii/3bCdyw8Ewrf6CxojA1QZ9dnd7Fzn95zAgMBAAE=


signing-key


MIGJAoGBAORD3KG4cCqyjLAZshO3tSMjzuhttbZ6Jfgcam9QipAhI+V5vNgRN8Xr
5cnLHtAOsYjW3LYI/ONXTMYbr7fe/3fWBhRd7J70tLEoGc14QhNhCIQO10x7FXSk
4ueJgwyZ/G6mgk5E9K1eqljaSdJ3/n9PHQEgICFAfi6rnNQ9OnclAgMBAAE=


opt write-history 2007-05-09 21:23:13 (900 s) 105472,53248,38912,57344,71680,686
08,50176,61440,40960,57344,53248,23552,73728,25600,63488,38912,26624,70656,38912
,63488,57344,390144,43008,28672,0,47104,696320,194560,0,0,0,0,0,13312,112640,228
352
opt read-history 2007-05-09 21:23:13 (900 s) 1949696,531456,592896,528384,608256
,537600,592896,530432,583680,525312,588800,505856,608256,516096,619520,539648,59
1872,542720,607232,542720,622592,1421312,1927168,21504,0,1931264,2076672,1075200
,0,0,0,0,0,1027072,1467392,2020352
contact leucamarian at yahoo dot com
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject *:25
reject *:119
reject *:135-139
reject *:445
reject *:465
reject *:563
reject *:587
reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6699
reject *:6881-6999
accept *:*
router-signature


E/e7KfpNra2+fz+4yx923vmpfOrrFDM9i4QSNkVUzC7KJV7ojJ9dxwkc0PjbV0Gm
zqkFPHe7gYqyjHa4XDQbaAQK7eMmxNgg8z4ndcpc6uZrVC8UAhX35FjYWJEVnj+7
mnOLPsokJlmcEH/+3Ln3BmKx4lfcpqAVa5/0ATDIsCY=


[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (6)

comment:1 Changed 13 years ago by nickm

It's possible I've fixed this one by moving around a routerinfo_free. It's possible I haven't, though.

I'll investigate more: let me know if this comes up again?

comment:2 Changed 13 years ago by nickm

Conceivably, assuming this bug happened on moria, this was fixed by r10217.

comment:3 Changed 12 years ago by weasel

Roger, can this bug be closed?

comment:4 Changed 12 years ago by arma

Sure. I haven't seen it recently. Closing.

comment:5 Changed 12 years ago by arma

flyspray2trac: bug closed.

comment:6 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.