Ucspi-tcp Automated Code Checks

HulaHoop · July 13, 2014, 3:33pm

Patrick because you are well known in the TAILS community and so its likely they’ll listen, is it ok if you post to them my idea about scanning ucspi-tcp with Valgrind to check it doesn’t have memory safety issues? If anyone of them is familiar with C they may be able to patch it if problems arise. For static analysis of the code they can run it free through Coverity Scan or use PeachFuzzer.

https://scan.coverity.com/users/sign_up

I saw your comment on the Apparmor wishlist for a profile for this component, so we are ok in that front containment front, but its better not to have exploitable holes in the first place.

This may see unreasonable, but considering what we are potenitally up against, these measures are needed to cut it.

HulaHoop · July 13, 2014, 3:49pm

Actually I am not sure what language ucspi-tcp is written in. I was looking at someone’s repo that had a Ruby wrapper for this package and mistaked it for the server itself.

Patrick · July 13, 2014, 5:59pm

Reasonable. Sure, fixing holes in the first place is better. A multi layered security concept with AppArmor as one line of defense.

If problems are found, those can be reported against Debian. We’re lucky, that they have a dedicated security team, capable of C, and they would fix any security issues, and Whonix would automatically profit from their fixes in the security repository. Great to be based on Debian.

ucspi-tcp is written in C. For a quick look, you can use “apt-get source ucspi-tcp”.

I do not follow what Tails has to do with this? They are not using control-port-filter / ucspi-tcp.

HulaHoop · July 13, 2014, 6:39pm

I assume TAILS uses it because that security enhancement for ControlPort Filter was discussed and implemented by them first.

If they have nothing to do with it then I would like to be of assistance in auditing/fuzzing this package with your assistance. Just walk me through how to:

compile ucspi from source with the correct debugging hooks so Valgrind can use it:
Valgrind
I’ll be happy to send the logs as I would have no idea whats in them or how to fix it , but the Debian guys will.
Import the source code that I got from Debian repos in to Git so I can sign onto Coverity and run a check.
Check with PeachFuzzer by following this guide: http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/

Patrick · July 13, 2014, 7:56pm

There is also a few people who can be found on search engines, who forked ucspi-tcp, who might be willing and able to help this cause.

[quote=“HulaHoop, post:4, topic:363”]I assume TAILS uses it because that security enhancement for ControlPort Filter was discussed and implemented by them first.

It was about limiting the characters allowed to 128, which is good, but has no relation to ucspi-tcp.

If they have nothing to do with it then I would like to be of assistance in auditing/fuzzing this package with your assistance.

Terrific!

1. compile ucspi from source with the correct debugging hooks so Valgrind can use it: http://valgrind.org/docs/manual/quick-start.html I'll be happy to send the logs as I would have no idea whats in them or how to fix it , but the Debian guys will.

Sounds good.

2. Import the source code that I got from Debian repos in to Git so I can sign onto Coverity and run a check.

debian/control contains.

Maintainer: Gerrit Pape <pape@smarden.org> Vcs-Git: http://smarden.org/git/ucspi-tcp.git/

Getting it from git is better than apt-get source, but anyway. The Vcs-Git link is currently offline. Please tell Gerrit Pape about it.

If there is no reply, we need to open a bug against Debian. But let’s not expect the worst.

3. Check with PeachFuzzer by following this guide: http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/

Sounds good.

HulaHoop · July 13, 2014, 9:59pm

Shot Gerrit a mail.

What I could probably do know is try with Valgrind with the running package. Lacking explicit debugging options in the source code may make looking at the log harder. At the moment I am concerned about getting an idea if there is any memory problems at all.

When running it some hours ago, I had run into issues and so I’ll describe them.

HulaHoop · July 13, 2014, 10:12pm


gives error:

command not found


What an I doing wrong here? The command syntax is wrong but I can't figure out how to do this.

gives error:

command not found

What an I doing wrong here? The command syntax is wrong but I can’t figure out how to do this.

Patrick · July 13, 2014, 10:48pm

(Perhaps helpful for this: Tor Browser Essentials)

This doesn’t even work when just typing “ucspi-tcp” in the shell, because there is no such command “ucspi-tcp”. The command we’re using is “tcpserver”. But also just running “tcpserver” won’t do much, just show “tcpserver”'s help.

Inspired by /usr/bin/controlportfilt.

On Whonix-Gateway.

Stop control-port-filter, because we’ll start tcpserver manually.

sudo service control-port-filter stop

Let’s first test if this is working without involving valgrind.

sudo -u debian-tor tcpserver \ -v \ -1 \ -l host \ -H \ 0 \ 9052 \ /bin/bash -x -c /usr/lib/cpf-tcpserver

In Whonix 8, path is /usr/lib/whonix/cpf-tcpserver.

Check if Control Port Filter is still working (Tor Browser Essentials).

tail -f /var/log/controlportfilt.log

Now involve valgrind into the equation.

sudo -u debian-tor valgrind --leak-check=yes tcpserver \ -v \ -1 \ -l host \ -H \ 0 \ 9052 \ /bin/bash -x -c /usr/lib/cpf-tcpserver

Maybe that helps.

HulaHoop · July 13, 2014, 10:49pm

dpkg -L ucspi-tcp

lists all binaries under the metapackage ucspi-tcp.
The actual binaries are many of which the most important being tcpserver

/.
/usr
/usr/bin
/usr/bin/tcprules
/usr/bin/tcpserver
/usr/bin/addcr
/usr/bin/mconnect-io
/usr/bin/rblsmtpd
/usr/bin/argv0
/usr/bin/recordio
/usr/bin/fixcrio
/usr/bin/tcprulescheck
/usr/bin/tcpclient
/usr/bin/who@
/usr/bin/http@
/usr/bin/date@
/usr/bin/finger@
/usr/bin/delcr
/usr/bin/mconnect
/usr/bin/tcpcat
/usr/share
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/recordio.1.gz
/usr/share/man/man1/argv0.1.gz
/usr/share/man/man1/who@.1.gz
/usr/share/man/man1/tcprules.1.gz
/usr/share/man/man1/rblsmtpd.1.gz
/usr/share/man/man1/addcr.1.gz
/usr/share/man/man1/fixcrio.1.gz
/usr/share/man/man1/http@.1.gz
/usr/share/man/man1/tcpclient.1.gz
/usr/share/man/man1/delcr.1.gz
/usr/share/man/man1/tcprulescheck.1.gz
/usr/share/man/man1/tcpcat.1.gz
/usr/share/man/man1/tcpserver.1.gz
/usr/share/man/man1/date@.1.gz
/usr/share/man/man1/mconnect.1.gz
/usr/share/man/man1/finger@.1.gz
/usr/share/doc
/usr/share/doc/ucspi-tcp
/usr/share/doc/ucspi-tcp/changelog.Debian.gz
/usr/share/doc/ucspi-tcp/copyright
/usr/share/doc/ucspi-tcp/README
/usr/share/doc/ucspi-tcp/README.Debian
/usr/share/doc/ucspi-tcp/NEWS.Debian.gz
/usr/share/doc/ucspi-tcp/changelog.gz
/usr/share/doc/ucspi-tcp/VERSION
/usr/share/doc/ucspi-tcp/TODO

valgrind --tool=memcheck --leak-check=full tcpserver

HEAP SUMMARY:
in use at exit: 0 bytes in 0 blocks
total heap usage: 0 bytes in 0 blocks

All heap blocks were freed – no leaks possible

Its my guess that the check needs to be run for every binary listed for this package?

Patrick · July 13, 2014, 11:08pm

metapackage ucspi-tcp.

ucspi-tcp is not a metapackage by debian packaging definition. It’s just a package that provides multiple binaries. Not special in this regard.

Its my guess that the check needs to be run for every binary listed for this package?

You can do this, but I don’t think you’ll find anything interesting. Just as for example running “cp --help” doesn’t move any files, running “tcpserver” don’t use networking.

See my earlier answer Whonix Forum on how to make a real world test and/or use tcpserver for any other real purpose. Once you found tcpserver useful, get valgrind involved.

HulaHoop · July 13, 2014, 11:24pm

ok, but are these alternate parameters or all part of the same one?

-v \ -1 \ -l host \ -H \ 0 \ 9052 \ /bin/bash -x -c /usr/lib/cpf-tcpserver

Patrick · July 13, 2014, 11:50pm

Not sure I understand. The parameters are copied from /usr/bin/controlportfilt. Those are really used there. Just have a look at /usr/bin/controlportfilt. Use them all at once. Otherwise for example “-v” alone will again do nothing.

HulaHoop · July 14, 2014, 12:17am

unknown user debian:tor

Patrick · July 14, 2014, 12:21am

debian-tor

Sorry.

HulaHoop · July 14, 2014, 2:45am

2 problems:

control-port-filter: unrecognized service

tcpserver: fatal: unable to bind: address already taken

I’d say the second error is the result of the first.

Patrick · July 14, 2014, 4:04am

controlportfiltd on Whonix 8. control-port-filter in Whonix 9.

(You can find the names of services/daemon check /etc/init.d/ folder and using bash competition [press after tying “sudo service c”].)

HulaHoop · July 14, 2014, 3:29pm

/usr/lib/cpf-tcpserver no such file or directory

Patrick · July 14, 2014, 3:36pm

In Whonix 8, path is /usr/lib/whonix/cpf-tcpserver.

HulaHoop · July 15, 2014, 1:54am

sudo -u debian-tor tcpserver -v -1 -l host -H 0 9052 /bin/bash -x -c /usr/lib/whonix/cpf-tcpserver

[code]root@host:/home/user# sudo service controlportfiltd stop
root@host:/home/user# sudo -u debian-tor tcpserver -v -1 -l host -H 0 9052 /bin/bash -x -c /usr/lib/whonix/cpf-tcpserver
9052
tcpserver: status: 0/40
tcpserver: status: 1/40
tcpserver: pid 15004 from 192.168.0.11
tcpserver: ok 15004 host:192.168.0.10:9052 :192.168.0.11::41768

‘[’ -z ‘’ ‘]’
return
/usr/lib/whonix/cpf-tcpserver
set -o pipefail
LOG=/var/log/controlportfilt.log
trap error_handler ERR
trap trap_sigint SIGINT
++ uuidgen -r
ID=0dfc0d53-58e7-45ca-b06a-610ef52721c1
cpf_pid=15004
echo '0dfc0d53-58e7-45ca-b06a-610ef52721c1 INFO: Getting connection… cpf_pid: 15004 | LD_PRELOAD: ’
kill_after=5s
timeout_after=5s
‘[’ -d /etc/controlportfilt.d ‘]’
for i in ‘/etc/controlportfilt.d/*’
‘[’ -f /etc/controlportfilt.d/30_controlportfilt_default ‘]’
‘[’ t = ‘~’ ‘]’
grep -q .dpkg-
echo /etc/controlportfilt.d/30_controlportfilt_default
source /etc/controlportfilt.d/30_controlportfilt_default
++ CONTROL_PORT_FILTER_PROXY=1
++ CONTROL_PORT_FILTER_VERBOSE=0
++ CONTROL_PORT_FILTER_WHITELIST=(“AUTHENTICATE” “GETINFO net/listeners/socks” “GETINFO status/bootstrap-phase” “SIGNAL NEWNYM” “QUIT”)
‘[’ 0 = 1 ‘]’
i=0
for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=authenticate
i=1
for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘getinfo net/listeners/socks’
i=2
for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘getinfo status/bootstrap-phase’
i=3
for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘signal newnym’
i=4
for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=quit
i=5
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: authenticate’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo net/listeners/socks’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo status/bootstrap-phase’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: signal newnym’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: quit’
check_tor
trap error_handler ERR
‘[’ -f /var/run/tor/control.authcookie ‘]’
tor_authcookie=0
‘[’ -f /var/run/tor/tor.pid ‘]’
tor_pid=1
++ cat /var/run/tor/tor.pid
tor_pid=2433
tor_pid_running=0
kill -0 2433
‘[’ 0 = 0 ‘]’
‘[’ 0 = 0 ‘]’
check_tor_result=0
‘[’ ‘!’ 0 = 0 ‘]’
read -r
’ cleaned_reply='GETINFO status/bootstrap-phase
++ tr ‘\r’ ’ ‘
’+ echo 'GETINFO status/bootstrap-phase
cleaned_reply='GETINFO status/bootstrap-phase '
++ tr ‘\n’ ’ '
++ echo 'GETINFO status/bootstrap-phase ’
cleaned_reply='GETINFO status/bootstrap-phase '
++ sed -e ‘s/ {1,}$//’
++ echo 'GETINFO status/bootstrap-phase ’
cleaned_reply=‘GETINFO status/bootstrap-phase’
received ‘GETINFO status/bootstrap-phase’
trap error_handler ERR
true ‘GETINFO status/bootstrap-phase’
echo ‘0dfc0d53-58e7-45ca-b06a-610ef52721c1 GOT: GETINFO status/bootstrap-phase’
‘[’ ‘GETINFO status/bootstrap-phase’ = ‘’ ‘]’
read -r first_word _
‘[’ getinfo = authenticate ‘]’
‘[’ getinfo = quit ‘]’
ok=0
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: authenticate’
‘[’ ‘getinfo status/bootstrap-phase’ = authenticate ‘]’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo net/listeners/socks’
‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo net/listeners/socks’ ‘]’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo status/bootstrap-phase’
‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo status/bootstrap-phase’ ‘]’
ok=1
true ‘ok: reply getinfo status/bootstrap-phase = element getinfo status/bootstrap-phase’
break
‘[’ ‘!’ 1 = 1 ‘]’
lie_when=‘GETINFO net/listeners/socks’
‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo net/listeners/socks’ ‘]’
++ mktemp --directory
temp_directory=/tmp/tmp.WAI8uDppTk
IN=/tmp/tmp.WAI8uDppTk/in_0dfc0d53-58e7-45ca-b06a-610ef52721c1
OUT=/tmp/tmp.WAI8uDppTk/out_0dfc0d53-58e7-45ca-b06a-610ef52721c1
mkfifo /tmp/tmp.WAI8uDppTk/in_0dfc0d53-58e7-45ca-b06a-610ef52721c1
mkfifo /tmp/tmp.WAI8uDppTk/out_0dfc0d53-58e7-45ca-b06a-610ef52721c1
NC_PID=15022
check_tor
trap error_handler ERR
‘[’ -f /var/run/tor/control.authcookie ‘]’
tor_authcookie=0
‘[’ -f /var/run/tor/tor.pid ‘]’
tor_pid=1
++ cat /var/run/tor/tor.pid
nc 127.0.0.1 9051
tor_pid=2433
tor_pid_running=0
kill -0 2433
‘[’ 0 = 0 ‘]’
‘[’ 0 = 0 ‘]’
check_tor_result=0
‘[’ ‘!’ 0 = 0 ‘]’
xxd_exit_code=0
++ xxd -c 32 -g 0 /var/run/tor/control.authcookie
temporary_variable_one=‘0000000: 9cea67006a7105d5dbdc03bf9703e824b02c81be5353e311c9b872c267e7ea6a …g.jq…$.,…SS…r.g…j’
‘[’ ‘!’ 0 = 0 ‘]’
read -r temporary_variable_two cookie _
wait 15025
timeout --kill-after=2s 2s echo ‘AUTHENTICATE 9cea67006a7105d5dbdc03bf9703e824b02c81be5353e311c9b872c267e7ea6a’
wait 15027
timeout --kill-after=2s 2s echo ‘GETINFO status/bootstrap-phase’
wait 15029
timeout --kill-after=2s 2s echo QUIT
++ timeout --kill-after=2s 2s cat /tmp/tmp.WAI8uDppTk/in_0dfc0d53-58e7-45ca-b06a-610ef52721c1
var='250 OK
250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
250 OK
’50 closing connection
ps_p_exit_code=0
ps -p 15022
ps_p_exit_code=1
true
echo ‘0dfc0d53-58e7-45ca-b06a-610ef52721c1 debug: ps_p_exit_code: 1’
‘[’ ‘250 OK
250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
250 OK
’ = ‘’ ']'g connection
true 'var: 250 OK
250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
250 OK
’50 closing connection
echo ‘250 OK
250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
250 OK
’50 closing connection
++ sed -n 1,1p
++ cat /tmp/tmp.WAI8uDppTk/temp_0dfc0d53-58e7-45ca-b06a-610ef52721c1
’ first_line='250 OK
++ tr ‘\r’ ’ ‘
’+ echo '250 OK
first_line='250 OK '
++ tr ‘\n’ ’ '
++ echo '250 OK ’
first_line='250 OK '
++ sed -e ‘s/ {1,}$//’
++ echo '250 OK ’
first_line=‘250 OK’
‘[’ ‘250 OK’ = ‘250 OK’ ‘]’
true
++ sed -n 2,2p
++ cat /tmp/tmp.WAI8uDppTk/temp_0dfc0d53-58e7-45ca-b06a-610ef52721c1
’ second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”
++ tr ‘\r’ ’ ‘
’+ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”
second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” '
++ tr ‘\n’ ’ '
++ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” ’
second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” '
++ sed -e ‘s/ {1,}$//’
++ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” ’
second_line=‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
write_back ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
trap error_handler ERR
printf ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”\r\n’
echo ‘0dfc0d53-58e7-45ca-b06a-610ef52721c1 BACK: 250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
‘[’ ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’ = ‘250 OK’ ‘]’
++ sed -n 3,3p
++ cat /tmp/tmp.WAI8uDppTk/temp_0dfc0d53-58e7-45ca-b06a-610ef52721c1
’ third_line='250 OK
++ tr ‘\r’ ’ ‘
’+ echo '250 OK
third_line='250 OK '
++ tr ‘\n’ ’ '
++ echo '250 OK ’
third_line='250 OK '
++ sed -e ‘s/ {1,}$//’
++ echo '250 OK ’
third_line=‘250 OK’
write_back ‘250 OK’
trap error_handler ERR
printf ‘250 OK\r\n’
echo ‘0dfc0d53-58e7-45ca-b06a-610ef52721c1 BACK: 250 OK’
read -r
cleaned_reply=$‘QUIT\r’
++ tr ‘\r’ ’ '
++ echo $‘QUIT\r’
cleaned_reply='QUIT '
++ tr ‘\n’ ’ '
++ echo 'QUIT ’
cleaned_reply='QUIT '
++ sed -e ‘s/ {1,}$//’
++ echo 'QUIT ’
cleaned_reply=QUIT
received QUIT
trap error_handler ERR
true QUIT
echo ‘0dfc0d53-58e7-45ca-b06a-610ef52721c1 GOT: QUIT’
‘[’ QUIT = ‘’ ‘]’
read -r first_word _
‘[’ quit = authenticate ‘]’
‘[’ quit = quit ‘]’
break
echo '0dfc0d53-58e7-45ca-b06a-610ef52721c1 INFO: End.'
tcpserver: end 15004 status 0
tcpserver: status: 0/40
tcpserver: status: 1/40
tcpserver: pid 15079 from 192.168.0.11
tcpserver: ok 15079 host:192.168.0.10:9052 :192.168.0.11::41770
‘[’ -z ‘’ ‘]’
return
/usr/lib/whonix/cpf-tcpserver
set -o pipefail
LOG=/var/log/controlportfilt.log
trap error_handler ERR
trap trap_sigint SIGINT
++ uuidgen -r
ID=b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
cpf_pid=15079
echo 'b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 INFO: Getting connection… cpf_pid: 15079 | LD_PRELOAD: ’
kill_after=5s
timeout_after=5s
‘[’ -d /etc/controlportfilt.d ‘]’
for i in ‘/etc/controlportfilt.d/*’
‘[’ -f /etc/controlportfilt.d/30_controlportfilt_default ‘]’
‘[’ t = ‘~’ ‘]’
grep -q .dpkg-
echo /etc/controlportfilt.d/30_controlportfilt_default
source /etc/controlportfilt.d/30_controlportfilt_default
++ CONTROL_PORT_FILTER_PROXY=1
++ CONTROL_PORT_FILTER_VERBOSE=0
++ CONTROL_PORT_FILTER_WHITELIST=(“AUTHENTICATE” “GETINFO net/listeners/socks” “GETINFO status/bootstrap-phase” “SIGNAL NEWNYM” “QUIT”)
‘[’ 0 = 1 ‘]’
i=0
for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=authenticate
i=1
for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘getinfo net/listeners/socks’
i=2
for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘getinfo status/bootstrap-phase’
i=3
for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘signal newnym’
i=4
for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=quit
i=5
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: authenticate’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo net/listeners/socks’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo status/bootstrap-phase’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: signal newnym’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: quit’
check_tor
trap error_handler ERR
‘[’ -f /var/run/tor/control.authcookie ‘]’
tor_authcookie=0
‘[’ -f /var/run/tor/tor.pid ‘]’
tor_pid=1
++ cat /var/run/tor/tor.pid
tor_pid=2433
tor_pid_running=0
kill -0 2433
‘[’ 0 = 0 ‘]’
‘[’ 0 = 0 ‘]’
check_tor_result=0
‘[’ ‘!’ 0 = 0 ‘]’
read -r
’ cleaned_reply='GETINFO status/bootstrap-phase
++ tr ‘\r’ ’ ‘
’+ echo 'GETINFO status/bootstrap-phase
cleaned_reply='GETINFO status/bootstrap-phase '
++ tr ‘\n’ ’ '
++ echo 'GETINFO status/bootstrap-phase ’
cleaned_reply='GETINFO status/bootstrap-phase '
++ sed -e ‘s/ {1,}$//’
++ echo 'GETINFO status/bootstrap-phase ’
cleaned_reply=‘GETINFO status/bootstrap-phase’
received ‘GETINFO status/bootstrap-phase’
trap error_handler ERR
true ‘GETINFO status/bootstrap-phase’
echo ‘b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 GOT: GETINFO status/bootstrap-phase’
‘[’ ‘GETINFO status/bootstrap-phase’ = ‘’ ‘]’
read -r first_word _
‘[’ getinfo = authenticate ‘]’
‘[’ getinfo = quit ‘]’
ok=0
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: authenticate’
‘[’ ‘getinfo status/bootstrap-phase’ = authenticate ‘]’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo net/listeners/socks’
‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo net/listeners/socks’ ‘]’
for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo status/bootstrap-phase’
‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo status/bootstrap-phase’ ‘]’
ok=1
true ‘ok: reply getinfo status/bootstrap-phase = element getinfo status/bootstrap-phase’
break
‘[’ ‘!’ 1 = 1 ‘]’
lie_when=‘GETINFO net/listeners/socks’
‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo net/listeners/socks’ ‘]’
++ mktemp --directory
temp_directory=/tmp/tmp.C8j2sARSPN
IN=/tmp/tmp.C8j2sARSPN/in_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
OUT=/tmp/tmp.C8j2sARSPN/out_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
mkfifo /tmp/tmp.C8j2sARSPN/in_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
mkfifo /tmp/tmp.C8j2sARSPN/out_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
NC_PID=15097
check_tor
trap error_handler ERR
‘[’ -f /var/run/tor/control.authcookie ‘]’
tor_authcookie=0
‘[’ -f /var/run/tor/tor.pid ‘]’
tor_pid=1
++ cat /var/run/tor/tor.pid
nc 127.0.0.1 9051
tor_pid=2433
tor_pid_running=0
kill -0 2433
‘[’ 0 = 0 ‘]’
‘[’ 0 = 0 ‘]’
check_tor_result=0
‘[’ ‘!’ 0 = 0 ‘]’
xxd_exit_code=0
++ xxd -c 32 -g 0 /var/run/tor/control.authcookie
temporary_variable_one=‘0000000: 9cea67006a7105d5dbdc03bf9703e824b02c81be5353e311c9b872c267e7ea6a …g.jq…$.,…SS…r.g…j’
‘[’ ‘!’ 0 = 0 ‘]’
read -r temporary_variable_two cookie _
wait 15100
timeout --kill-after=2s 2s echo ‘AUTHENTICATE 9cea67006a7105d5dbdc03bf9703e824b02c81be5353e311c9b872c267e7ea6a’
wait 15102
timeout --kill-after=2s 2s echo ‘GETINFO status/bootstrap-phase’
wait 15104
timeout --kill-after=2s 2s echo QUIT
++ timeout --kill-after=2s 2s cat /tmp/tmp.C8j2sARSPN/in_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
var='250 OK
250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
250 OK
’50 closing connection
ps_p_exit_code=0
ps -p 15097
ps_p_exit_code=1
true
echo ‘b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 debug: ps_p_exit_code: 1’
‘[’ ‘250 OK
250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
250 OK
’ = ‘’ ']'g connection
true 'var: 250 OK
250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
250 OK
’50 closing connection
echo ‘250 OK
250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
250 OK
’50 closing connection
++ sed -n 1,1p
++ cat /tmp/tmp.C8j2sARSPN/temp_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
’ first_line='250 OK
++ tr ‘\r’ ’ ‘
’+ echo '250 OK
first_line='250 OK '
++ tr ‘\n’ ’ '
++ echo '250 OK ’
first_line='250 OK '
++ sed -e ‘s/ {1,}$//’
++ echo '250 OK ’
first_line=‘250 OK’
‘[’ ‘250 OK’ = ‘250 OK’ ‘]’
true
++ sed -n 2,2p
++ cat /tmp/tmp.C8j2sARSPN/temp_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
’ second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”
++ tr ‘\r’ ’ ‘
’+ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”
second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” '
++ tr ‘\n’ ’ '
++ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” ’
second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” '
++ sed -e ‘s/ {1,}$//’
++ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” ’
second_line=‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
write_back ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
trap error_handler ERR
printf ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”\r\n’
echo ‘b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 BACK: 250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
‘[’ ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’ = ‘250 OK’ ‘]’
++ sed -n 3,3p
++ cat /tmp/tmp.C8j2sARSPN/temp_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
’ third_line='250 OK
++ tr ‘\r’ ’ ‘
’+ echo '250 OK
third_line='250 OK '
++ tr ‘\n’ ’ '
++ echo '250 OK ’
third_line='250 OK '
++ sed -e ‘s/ {1,}$//’
++ echo '250 OK ’
third_line=‘250 OK’
write_back ‘250 OK’
trap error_handler ERR
printf ‘250 OK\r\n’
echo ‘b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 BACK: 250 OK’
read -r
cleaned_reply=$‘QUIT\r’
++ tr ‘\r’ ’ '
++ echo $‘QUIT\r’
cleaned_reply='QUIT '
++ tr ‘\n’ ’ '
++ echo 'QUIT ’
cleaned_reply='QUIT '
++ sed -e ‘s/ {1,}$//’
++ echo 'QUIT ’
cleaned_reply=QUIT
received QUIT
trap error_handler ERR
true QUIT
echo ‘b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 GOT: QUIT’
‘[’ QUIT = ‘’ ‘]’
read -r first_word _
‘[’ quit = authenticate ‘]’
‘[’ quit = quit ‘]’
break
echo 'b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 INFO: End.'
tcpserver: end 15079 status 0
tcpserver: status: 0/40
[/code]

controlportfilt.log

0dfc0d53-58e7-45ca-b06a-610ef52721c1 BACK: 250 OK 0dfc0d53-58e7-45ca-b06a-610ef52721c1 GOT: QUIT 0dfc0d53-58e7-45ca-b06a-610ef52721c1 INFO: End. b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 INFO: Getting connection... cpf_pid: 15079 | LD_PRELOAD: b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 GOT: GETINFO status/bootstrap-phase b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 debug: ps_p_exit_code: 1 b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 BACK: 250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done" b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 BACK: 250 OK b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 GOT: QUIT b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 INFO: End.

root@host:/home/user# sudo -u debian-tor valgrind --leak-check=full --show-reachable=yes tcpserver -v -1 -l host -H 0 9052 /bin/bash -x -c /usr/lib/whonix/cpf-tcpserver ==16783== Memcheck, a memory error detector ==16783== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==16783== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==16783== Command: tcpserver -v -1 -l host -H 0 9052 /bin/bash -x -c /usr/lib/whonix/cpf-tcpserver ==16783== tcpserver: fatal: unable to bind: address already used ==16783== ==16783== HEAP SUMMARY: ==16783== in use at exit: 976 bytes in 1 blocks ==16783== total heap usage: 3 allocs, 2 frees, 2,496 bytes allocated ==16783== ==16783== 976 bytes in 1 blocks are still reachable in loss record 1 of 1 ==16783== at 0x4028308: malloc (vg_replace_malloc.c:263) ==16783== by 0x804DDB7: ??? (in /usr/bin/tcpserver) ==16783== by 0x804F819: ??? (in /usr/bin/tcpserver) ==16783== by 0x804F2F3: ??? (in /usr/bin/tcpserver) ==16783== by 0x804E98A: ??? (in /usr/bin/tcpserver) ==16783== by 0x804E4D5: ??? (in /usr/bin/tcpserver) ==16783== by 0x804BD95: ??? (in /usr/bin/tcpserver) ==16783== by 0x804C14C: ??? (in /usr/bin/tcpserver) ==16783== by 0x804B6A1: ??? (in /usr/bin/tcpserver) ==16783== by 0x8049C1A: ??? (in /usr/bin/tcpserver) ==16783== by 0x4055E45: (below main) (libc-start.c:244) ==16783== ==16783== LEAK SUMMARY: ==16783== definitely lost: 0 bytes in 0 blocks ==16783== indirectly lost: 0 bytes in 0 blocks ==16783== possibly lost: 0 bytes in 0 blocks ==16783== still reachable: 976 bytes in 1 blocks ==16783== suppressed: 0 bytes in 0 blocks ==16783== ==16783== For counts of detected and suppressed errors, rerun with: -v ==16783== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 11 from 6)

HulaHoop · July 15, 2014, 2:03am

I’m out of my depth here but I can guess from the tutorial here: Basic Valgrind Tutorial
that there is a memory allocation problem going on.