Ucspi-tcp Automated Code Checks

Patrick because you are well known in the TAILS community and so its likely they’ll listen, is it ok if you post to them my idea about scanning ucspi-tcp with Valgrind to check it doesn’t have memory safety issues? If anyone of them is familiar with C they may be able to patch it if problems arise. For static analysis of the code they can run it free through Coverity Scan or use PeachFuzzer.

https://scan.coverity.com/users/sign_up

I saw your comment on the Apparmor wishlist for a profile for this component, so we are ok in that front containment front, but its better not to have exploitable holes in the first place.

This may see unreasonable, but considering what we are potenitally up against, these measures are needed to cut it.

Actually I am not sure what language ucspi-tcp is written in. I was looking at someone’s repo that had a Ruby wrapper for this package and mistaked it for the server itself.

Reasonable. Sure, fixing holes in the first place is better. A multi layered security concept with AppArmor as one line of defense.

If problems are found, those can be reported against Debian. We’re lucky, that they have a dedicated security team, capable of C, and they would fix any security issues, and Whonix would automatically profit from their fixes in the security repository. Great to be based on Debian.

ucspi-tcp is written in C. For a quick look, you can use “apt-get source ucspi-tcp”.

I do not follow what Tails has to do with this? They are not using control-port-filter / ucspi-tcp.

I assume TAILS uses it because that security enhancement for ControlPort Filter was discussed and implemented by them first.

https://www.whonix.org/forum/index.php/topic,342.msg2433

If they have nothing to do with it then I would like to be of assistance in auditing/fuzzing this package with your assistance. Just walk me through how to:

1. compile ucspi from source with the correct debugging hooks so Valgrind can use it:
   http://valgrind.org/docs/manual/quick-start.html
   I’ll be happy to send the logs as I would have no idea whats in them or how to fix it , but the Debian guys will.

2. Import the source code that I got from Debian repos in to Git so I can sign onto Coverity and run a check.

3. Check with PeachFuzzer by following this guide: http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/

There is also a few people who can be found on search engines, who forked ucspi-tcp, who might be willing and able to help this cause.

[quote=“HulaHoop, post:4, topic:363”]I assume TAILS uses it because that security enhancement for ControlPort Filter was discussed and implemented by them first.

https://www.whonix.org/forum/index.php/topic,342.msg2433[/quote]
It was about limiting the characters allowed to 128, which is good, but has no relation to ucspi-tcp.

If they have nothing to do with it then I would like to be of assistance in auditing/fuzzing this package with your assistance.

1. compile ucspi from source with the correct debugging hooks so Valgrind can use it: http://valgrind.org/docs/manual/quick-start.html I'll be happy to send the logs as I would have no idea whats in them or how to fix it , but the Debian guys will.

2. Import the source code that I got from Debian repos in to Git so I can sign onto Coverity and run a check.

Maintainer: Gerrit Pape <pape@smarden.org> Vcs-Git: http://smarden.org/git/ucspi-tcp.git/

Getting it from git is better than apt-get source, but anyway. The Vcs-Git link is currently offline. Please tell Gerrit Pape about it.

If there is no reply, we need to open a bug against Debian. But let’s not expect the worst.

3. Check with PeachFuzzer by following this guide: http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/

Shot Gerrit a mail.

What I could probably do know is try with Valgrind with the running package. Lacking explicit debugging options in the source code may make looking at the log harder. At the moment I am concerned about getting an idea if there is any memory problems at all.

When running it some hours ago, I had run into issues and so I’ll describe them.

gives error:

command not found


What an I doing wrong here? The command syntax is wrong but I can't figure out how to do this.

gives error:

command not found

What an I doing wrong here? The command syntax is wrong but I can’t figure out how to do this.

(Perhaps helpful for this: https://www.whonix.org/wiki/Tor_Browser#Verify_New_Identity)

This doesn’t even work when just typing “ucspi-tcp” in the shell, because there is no such command “ucspi-tcp”. The command we’re using is “tcpserver”. But also just running “tcpserver” won’t do much, just show “tcpserver”'s help.

Inspired by /usr/bin/controlportfilt.

On Whonix-Gateway.

Stop control-port-filter, because we’ll start tcpserver manually.

Let’s first test if this is working without involving valgrind.

sudo -u debian-tor tcpserver \ -v \ -1 \ -l host \ -H \ 0 \ 9052 \ /bin/bash -x -c /usr/lib/cpf-tcpserver

In Whonix 8, path is /usr/lib/whonix/cpf-tcpserver.

Check if Control Port Filter is still working (https://www.whonix.org/wiki/Tor_Browser#Verify_New_Identity).

Now involve valgrind into the equation.

sudo -u debian-tor valgrind --leak-check=yes tcpserver \ -v \ -1 \ -l host \ -H \ 0 \ 9052 \ /bin/bash -x -c /usr/lib/cpf-tcpserver

Maybe that helps.

dpkg -L ucspi-tcp

lists all binaries under the metapackage ucspi-tcp.
The actual binaries are many of which the most important being tcpserver

/.
/usr
/usr/bin
/usr/bin/tcprules
/usr/bin/tcpserver
/usr/bin/addcr
/usr/bin/mconnect-io
/usr/bin/rblsmtpd
/usr/bin/argv0
/usr/bin/recordio
/usr/bin/fixcrio
/usr/bin/tcprulescheck
/usr/bin/tcpclient
/usr/bin/who@
/usr/bin/http@
/usr/bin/date@
/usr/bin/finger@
/usr/bin/delcr
/usr/bin/mconnect
/usr/bin/tcpcat
/usr/share
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/recordio.1.gz
/usr/share/man/man1/argv0.1.gz
/usr/share/man/man1/who@.1.gz
/usr/share/man/man1/tcprules.1.gz
/usr/share/man/man1/rblsmtpd.1.gz
/usr/share/man/man1/addcr.1.gz
/usr/share/man/man1/fixcrio.1.gz
/usr/share/man/man1/http@.1.gz
/usr/share/man/man1/tcpclient.1.gz
/usr/share/man/man1/delcr.1.gz
/usr/share/man/man1/tcprulescheck.1.gz
/usr/share/man/man1/tcpcat.1.gz
/usr/share/man/man1/tcpserver.1.gz
/usr/share/man/man1/date@.1.gz
/usr/share/man/man1/mconnect.1.gz
/usr/share/man/man1/finger@.1.gz
/usr/share/doc
/usr/share/doc/ucspi-tcp
/usr/share/doc/ucspi-tcp/changelog.Debian.gz
/usr/share/doc/ucspi-tcp/copyright
/usr/share/doc/ucspi-tcp/README
/usr/share/doc/ucspi-tcp/README.Debian
/usr/share/doc/ucspi-tcp/NEWS.Debian.gz
/usr/share/doc/ucspi-tcp/changelog.gz
/usr/share/doc/ucspi-tcp/VERSION
/usr/share/doc/ucspi-tcp/TODO

valgrind --tool=memcheck --leak-check=full tcpserver

HEAP SUMMARY:
in use at exit: 0 bytes in 0 blocks
total heap usage: 0 bytes in 0 blocks

All heap blocks were freed – no leaks possible

Its my guess that the check needs to be run for every binary listed for this package?

metapackage ucspi-tcp.

ucspi-tcp is not a metapackage by debian packaging definition. It’s just a package that provides multiple binaries. Not special in this regard.

Its my guess that the check needs to be run for every binary listed for this package?

You can do this, but I don’t think you’ll find anything interesting. Just as for example running “cp --help” doesn’t move any files, running “tcpserver” don’t use networking.

See my earlier answer https://www.whonix.org/forum/index.php/topic,381.msg2795.html#msg2795 on how to make a real world test and/or use tcpserver for any other real purpose. Once you found tcpserver useful, get valgrind involved.

ok, but are these alternate parameters or all part of the same one?

-v \ -1 \ -l host \ -H \ 0 \ 9052 \ /bin/bash -x -c /usr/lib/cpf-tcpserver

Not sure I understand. The parameters are copied from /usr/bin/controlportfilt. Those are really used there. Just have a look at /usr/bin/controlportfilt. Use them all at once. Otherwise for example “-v” alone will again do nothing.

unknown user debian:tor

debian-tor

Sorry.

2 problems:

control-port-filter: unrecognized service

tcpserver: fatal: unable to bind: address already taken

I’d say the second error is the result of the first.

controlportfiltd on Whonix 8. control-port-filter in Whonix 9.

(You can find the names of services/daemon check /etc/init.d/ folder and using bash competition [press after tying “sudo service c”].)

/usr/lib/cpf-tcpserver no such file or directory

In Whonix 8, path is /usr/lib/whonix/cpf-tcpserver.

sudo -u debian-tor tcpserver -v -1 -l host -H 0 9052 /bin/bash -x -c /usr/lib/whonix/cpf-tcpserver

[code]root@host:/home/user# sudo service controlportfiltd stop
root@host:/home/user# sudo -u debian-tor tcpserver -v -1 -l host -H 0 9052 /bin/bash -x -c /usr/lib/whonix/cpf-tcpserver
9052
tcpserver: status: 0/40
tcpserver: status: 1/40
tcpserver: pid 15004 from 192.168.0.11
tcpserver: ok 15004 host:192.168.0.10:9052 :192.168.0.11::41768

• ‘[’ -z ‘’ ‘]’
• return
• /usr/lib/whonix/cpf-tcpserver
• set -o pipefail
• LOG=/var/log/controlportfilt.log
• trap error_handler ERR
• trap trap_sigint SIGINT
  ++ uuidgen -r
• ID=0dfc0d53-58e7-45ca-b06a-610ef52721c1
• cpf_pid=15004
• echo '0dfc0d53-58e7-45ca-b06a-610ef52721c1 INFO: Getting connection… cpf_pid: 15004 | LD_PRELOAD: ’
• kill_after=5s
• timeout_after=5s
• ‘[’ -d /etc/controlportfilt.d ‘]’
• for i in ‘/etc/controlportfilt.d/*’
• ‘[’ -f /etc/controlportfilt.d/30_controlportfilt_default ‘]’
• ‘[’ t = ‘~’ ‘]’
• grep -q .dpkg-
• echo /etc/controlportfilt.d/30_controlportfilt_default
• source /etc/controlportfilt.d/30_controlportfilt_default
  ++ CONTROL_PORT_FILTER_PROXY=1
  ++ CONTROL_PORT_FILTER_VERBOSE=0
  ++ CONTROL_PORT_FILTER_WHITELIST=(“AUTHENTICATE” “GETINFO net/listeners/socks” “GETINFO status/bootstrap-phase” “SIGNAL NEWNYM” “QUIT”)
• ‘[’ 0 = 1 ‘]’
• i=0
• for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
• CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=authenticate
• i=1
• for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
• CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘getinfo net/listeners/socks’
• i=2
• for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
• CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘getinfo status/bootstrap-phase’
• i=3
• for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
• CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘signal newnym’
• i=4
• for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
• CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=quit
• i=5
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: authenticate’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo net/listeners/socks’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo status/bootstrap-phase’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: signal newnym’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: quit’
• check_tor
• trap error_handler ERR
• ‘[’ -f /var/run/tor/control.authcookie ‘]’
• tor_authcookie=0
• ‘[’ -f /var/run/tor/tor.pid ‘]’
• tor_pid=1
  ++ cat /var/run/tor/tor.pid
• tor_pid=2433
• tor_pid_running=0
• kill -0 2433
• ‘[’ 0 = 0 ‘]’
• ‘[’ 0 = 0 ‘]’
• check_tor_result=0
• ‘[’ ‘!’ 0 = 0 ‘]’
• read -r
  ’ cleaned_reply='GETINFO status/bootstrap-phase
  ++ tr ‘\r’ ’ ‘
  ’+ echo 'GETINFO status/bootstrap-phase
• cleaned_reply='GETINFO status/bootstrap-phase '
  ++ tr ‘\n’ ’ '
  ++ echo 'GETINFO status/bootstrap-phase ’
• cleaned_reply='GETINFO status/bootstrap-phase '
  ++ sed -e ‘s/ {1,}$//’
  ++ echo 'GETINFO status/bootstrap-phase ’
• cleaned_reply=‘GETINFO status/bootstrap-phase’
• received ‘GETINFO status/bootstrap-phase’
• trap error_handler ERR
• true ‘GETINFO status/bootstrap-phase’
• echo ‘0dfc0d53-58e7-45ca-b06a-610ef52721c1 GOT: GETINFO status/bootstrap-phase’
• ‘[’ ‘GETINFO status/bootstrap-phase’ = ‘’ ‘]’
• read -r first_word _
• ‘[’ getinfo = authenticate ‘]’
• ‘[’ getinfo = quit ‘]’
• ok=0
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: authenticate’
• ‘[’ ‘getinfo status/bootstrap-phase’ = authenticate ‘]’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo net/listeners/socks’
• ‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo net/listeners/socks’ ‘]’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo status/bootstrap-phase’
• ‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo status/bootstrap-phase’ ‘]’
• ok=1
• true ‘ok: reply getinfo status/bootstrap-phase = element getinfo status/bootstrap-phase’
• break
• ‘[’ ‘!’ 1 = 1 ‘]’
• lie_when=‘GETINFO net/listeners/socks’
• ‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo net/listeners/socks’ ‘]’
  ++ mktemp --directory
• temp_directory=/tmp/tmp.WAI8uDppTk
• IN=/tmp/tmp.WAI8uDppTk/in_0dfc0d53-58e7-45ca-b06a-610ef52721c1
• OUT=/tmp/tmp.WAI8uDppTk/out_0dfc0d53-58e7-45ca-b06a-610ef52721c1
• mkfifo /tmp/tmp.WAI8uDppTk/in_0dfc0d53-58e7-45ca-b06a-610ef52721c1
• mkfifo /tmp/tmp.WAI8uDppTk/out_0dfc0d53-58e7-45ca-b06a-610ef52721c1
• NC_PID=15022
• check_tor
• trap error_handler ERR
• ‘[’ -f /var/run/tor/control.authcookie ‘]’
• tor_authcookie=0
• ‘[’ -f /var/run/tor/tor.pid ‘]’
• tor_pid=1
  ++ cat /var/run/tor/tor.pid
• nc 127.0.0.1 9051
• tor_pid=2433
• tor_pid_running=0
• kill -0 2433
• ‘[’ 0 = 0 ‘]’
• ‘[’ 0 = 0 ‘]’
• check_tor_result=0
• ‘[’ ‘!’ 0 = 0 ‘]’
• xxd_exit_code=0
  ++ xxd -c 32 -g 0 /var/run/tor/control.authcookie
• temporary_variable_one=‘0000000: 9cea67006a7105d5dbdc03bf9703e824b02c81be5353e311c9b872c267e7ea6a …g.jq…$.,…SS…r.g…j’
• ‘[’ ‘!’ 0 = 0 ‘]’
• read -r temporary_variable_two cookie _
• wait 15025
• timeout --kill-after=2s 2s echo ‘AUTHENTICATE 9cea67006a7105d5dbdc03bf9703e824b02c81be5353e311c9b872c267e7ea6a’
• wait 15027
• timeout --kill-after=2s 2s echo ‘GETINFO status/bootstrap-phase’
• wait 15029
• timeout --kill-after=2s 2s echo QUIT
  ++ timeout --kill-after=2s 2s cat /tmp/tmp.WAI8uDppTk/in_0dfc0d53-58e7-45ca-b06a-610ef52721c1
• var='250 OK
  250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
  250 OK
  ’50 closing connection
• ps_p_exit_code=0
• ps -p 15022
• ps_p_exit_code=1
• true
• echo ‘0dfc0d53-58e7-45ca-b06a-610ef52721c1 debug: ps_p_exit_code: 1’
• ‘[’ ‘250 OK
  250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
  250 OK
  ’ = ‘’ ']'g connection
• true 'var: 250 OK
  250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
  250 OK
  ’50 closing connection
• echo ‘250 OK
  250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
  250 OK
  ’50 closing connection
  ++ sed -n 1,1p
  ++ cat /tmp/tmp.WAI8uDppTk/temp_0dfc0d53-58e7-45ca-b06a-610ef52721c1
  ’ first_line='250 OK
  ++ tr ‘\r’ ’ ‘
  ’+ echo '250 OK
• first_line='250 OK '
  ++ tr ‘\n’ ’ '
  ++ echo '250 OK ’
• first_line='250 OK '
  ++ sed -e ‘s/ {1,}$//’
  ++ echo '250 OK ’
• first_line=‘250 OK’
• ‘[’ ‘250 OK’ = ‘250 OK’ ‘]’
• true
  ++ sed -n 2,2p
  ++ cat /tmp/tmp.WAI8uDppTk/temp_0dfc0d53-58e7-45ca-b06a-610ef52721c1
  ’ second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”
  ++ tr ‘\r’ ’ ‘
  ’+ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”
• second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” '
  ++ tr ‘\n’ ’ '
  ++ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” ’
• second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” '
  ++ sed -e ‘s/ {1,}$//’
  ++ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” ’
• second_line=‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
• write_back ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
• trap error_handler ERR
• printf ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”\r\n’
• echo ‘0dfc0d53-58e7-45ca-b06a-610ef52721c1 BACK: 250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
• ‘[’ ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’ = ‘250 OK’ ‘]’
  ++ sed -n 3,3p
  ++ cat /tmp/tmp.WAI8uDppTk/temp_0dfc0d53-58e7-45ca-b06a-610ef52721c1
  ’ third_line='250 OK
  ++ tr ‘\r’ ’ ‘
  ’+ echo '250 OK
• third_line='250 OK '
  ++ tr ‘\n’ ’ '
  ++ echo '250 OK ’
• third_line='250 OK '
  ++ sed -e ‘s/ {1,}$//’
  ++ echo '250 OK ’
• third_line=‘250 OK’
• write_back ‘250 OK’
• trap error_handler ERR
• printf ‘250 OK\r\n’
• echo ‘0dfc0d53-58e7-45ca-b06a-610ef52721c1 BACK: 250 OK’
• read -r
• cleaned_reply=$‘QUIT\r’
  ++ tr ‘\r’ ’ '
  ++ echo $‘QUIT\r’
• cleaned_reply='QUIT '
  ++ tr ‘\n’ ’ '
  ++ echo 'QUIT ’
• cleaned_reply='QUIT '
  ++ sed -e ‘s/ {1,}$//’
  ++ echo 'QUIT ’
• cleaned_reply=QUIT
• received QUIT
• trap error_handler ERR
• true QUIT
• echo ‘0dfc0d53-58e7-45ca-b06a-610ef52721c1 GOT: QUIT’
• ‘[’ QUIT = ‘’ ‘]’
• read -r first_word _
• ‘[’ quit = authenticate ‘]’
• ‘[’ quit = quit ‘]’
• break
• echo '0dfc0d53-58e7-45ca-b06a-610ef52721c1 INFO: End.'
  tcpserver: end 15004 status 0
  tcpserver: status: 0/40
  tcpserver: status: 1/40
  tcpserver: pid 15079 from 192.168.0.11
  tcpserver: ok 15079 host:192.168.0.10:9052 :192.168.0.11::41770
• ‘[’ -z ‘’ ‘]’
• return
• /usr/lib/whonix/cpf-tcpserver
• set -o pipefail
• LOG=/var/log/controlportfilt.log
• trap error_handler ERR
• trap trap_sigint SIGINT
  ++ uuidgen -r
• ID=b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
• cpf_pid=15079
• echo 'b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 INFO: Getting connection… cpf_pid: 15079 | LD_PRELOAD: ’
• kill_after=5s
• timeout_after=5s
• ‘[’ -d /etc/controlportfilt.d ‘]’
• for i in ‘/etc/controlportfilt.d/*’
• ‘[’ -f /etc/controlportfilt.d/30_controlportfilt_default ‘]’
• ‘[’ t = ‘~’ ‘]’
• grep -q .dpkg-
• echo /etc/controlportfilt.d/30_controlportfilt_default
• source /etc/controlportfilt.d/30_controlportfilt_default
  ++ CONTROL_PORT_FILTER_PROXY=1
  ++ CONTROL_PORT_FILTER_VERBOSE=0
  ++ CONTROL_PORT_FILTER_WHITELIST=(“AUTHENTICATE” “GETINFO net/listeners/socks” “GETINFO status/bootstrap-phase” “SIGNAL NEWNYM” “QUIT”)
• ‘[’ 0 = 1 ‘]’
• i=0
• for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
• CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=authenticate
• i=1
• for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
• CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘getinfo net/listeners/socks’
• i=2
• for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
• CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘getinfo status/bootstrap-phase’
• i=3
• for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
• CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=‘signal newnym’
• i=4
• for element in ‘"${CONTROL_PORT_FILTER_WHITELIST[@]}"’
• CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[$i]=quit
• i=5
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: authenticate’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo net/listeners/socks’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo status/bootstrap-phase’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: signal newnym’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: quit’
• check_tor
• trap error_handler ERR
• ‘[’ -f /var/run/tor/control.authcookie ‘]’
• tor_authcookie=0
• ‘[’ -f /var/run/tor/tor.pid ‘]’
• tor_pid=1
  ++ cat /var/run/tor/tor.pid
• tor_pid=2433
• tor_pid_running=0
• kill -0 2433
• ‘[’ 0 = 0 ‘]’
• ‘[’ 0 = 0 ‘]’
• check_tor_result=0
• ‘[’ ‘!’ 0 = 0 ‘]’
• read -r
  ’ cleaned_reply='GETINFO status/bootstrap-phase
  ++ tr ‘\r’ ’ ‘
  ’+ echo 'GETINFO status/bootstrap-phase
• cleaned_reply='GETINFO status/bootstrap-phase '
  ++ tr ‘\n’ ’ '
  ++ echo 'GETINFO status/bootstrap-phase ’
• cleaned_reply='GETINFO status/bootstrap-phase '
  ++ sed -e ‘s/ {1,}$//’
  ++ echo 'GETINFO status/bootstrap-phase ’
• cleaned_reply=‘GETINFO status/bootstrap-phase’
• received ‘GETINFO status/bootstrap-phase’
• trap error_handler ERR
• true ‘GETINFO status/bootstrap-phase’
• echo ‘b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 GOT: GETINFO status/bootstrap-phase’
• ‘[’ ‘GETINFO status/bootstrap-phase’ = ‘’ ‘]’
• read -r first_word _
• ‘[’ getinfo = authenticate ‘]’
• ‘[’ getinfo = quit ‘]’
• ok=0
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: authenticate’
• ‘[’ ‘getinfo status/bootstrap-phase’ = authenticate ‘]’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo net/listeners/socks’
• ‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo net/listeners/socks’ ‘]’
• for element in ‘"${CONTROL_PORT_FILTER_LOWERCASE_WHITELIST[@]}"’
• true ‘CONTROL_PORT_FILTER_LOWERCASE_WHITELIST element: getinfo status/bootstrap-phase’
• ‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo status/bootstrap-phase’ ‘]’
• ok=1
• true ‘ok: reply getinfo status/bootstrap-phase = element getinfo status/bootstrap-phase’
• break
• ‘[’ ‘!’ 1 = 1 ‘]’
• lie_when=‘GETINFO net/listeners/socks’
• ‘[’ ‘getinfo status/bootstrap-phase’ = ‘getinfo net/listeners/socks’ ‘]’
  ++ mktemp --directory
• temp_directory=/tmp/tmp.C8j2sARSPN
• IN=/tmp/tmp.C8j2sARSPN/in_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
• OUT=/tmp/tmp.C8j2sARSPN/out_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
• mkfifo /tmp/tmp.C8j2sARSPN/in_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
• mkfifo /tmp/tmp.C8j2sARSPN/out_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
• NC_PID=15097
• check_tor
• trap error_handler ERR
• ‘[’ -f /var/run/tor/control.authcookie ‘]’
• tor_authcookie=0
• ‘[’ -f /var/run/tor/tor.pid ‘]’
• tor_pid=1
  ++ cat /var/run/tor/tor.pid
• nc 127.0.0.1 9051
• tor_pid=2433
• tor_pid_running=0
• kill -0 2433
• ‘[’ 0 = 0 ‘]’
• ‘[’ 0 = 0 ‘]’
• check_tor_result=0
• ‘[’ ‘!’ 0 = 0 ‘]’
• xxd_exit_code=0
  ++ xxd -c 32 -g 0 /var/run/tor/control.authcookie
• temporary_variable_one=‘0000000: 9cea67006a7105d5dbdc03bf9703e824b02c81be5353e311c9b872c267e7ea6a …g.jq…$.,…SS…r.g…j’
• ‘[’ ‘!’ 0 = 0 ‘]’
• read -r temporary_variable_two cookie _
• wait 15100
• timeout --kill-after=2s 2s echo ‘AUTHENTICATE 9cea67006a7105d5dbdc03bf9703e824b02c81be5353e311c9b872c267e7ea6a’
• wait 15102
• timeout --kill-after=2s 2s echo ‘GETINFO status/bootstrap-phase’
• wait 15104
• timeout --kill-after=2s 2s echo QUIT
  ++ timeout --kill-after=2s 2s cat /tmp/tmp.C8j2sARSPN/in_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
• var='250 OK
  250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
  250 OK
  ’50 closing connection
• ps_p_exit_code=0
• ps -p 15097
• ps_p_exit_code=1
• true
• echo ‘b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 debug: ps_p_exit_code: 1’
• ‘[’ ‘250 OK
  250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
  250 OK
  ’ = ‘’ ']'g connection
• true 'var: 250 OK
  250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
  250 OK
  ’50 closing connection
• echo ‘250 OK
  250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
  250 OK
  ’50 closing connection
  ++ sed -n 1,1p
  ++ cat /tmp/tmp.C8j2sARSPN/temp_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
  ’ first_line='250 OK
  ++ tr ‘\r’ ’ ‘
  ’+ echo '250 OK
• first_line='250 OK '
  ++ tr ‘\n’ ’ '
  ++ echo '250 OK ’
• first_line='250 OK '
  ++ sed -e ‘s/ {1,}$//’
  ++ echo '250 OK ’
• first_line=‘250 OK’
• ‘[’ ‘250 OK’ = ‘250 OK’ ‘]’
• true
  ++ sed -n 2,2p
  ++ cat /tmp/tmp.C8j2sARSPN/temp_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
  ’ second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”
  ++ tr ‘\r’ ’ ‘
  ’+ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”
• second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” '
  ++ tr ‘\n’ ’ '
  ++ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” ’
• second_line='250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” '
  ++ sed -e ‘s/ {1,}$//’
  ++ echo '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done” ’
• second_line=‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
• write_back ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
• trap error_handler ERR
• printf ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”\r\n’
• echo ‘b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 BACK: 250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’
• ‘[’ ‘250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”’ = ‘250 OK’ ‘]’
  ++ sed -n 3,3p
  ++ cat /tmp/tmp.C8j2sARSPN/temp_b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6
  ’ third_line='250 OK
  ++ tr ‘\r’ ’ ‘
  ’+ echo '250 OK
• third_line='250 OK '
  ++ tr ‘\n’ ’ '
  ++ echo '250 OK ’
• third_line='250 OK '
  ++ sed -e ‘s/ {1,}$//’
  ++ echo '250 OK ’
• third_line=‘250 OK’
• write_back ‘250 OK’
• trap error_handler ERR
• printf ‘250 OK\r\n’
• echo ‘b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 BACK: 250 OK’
• read -r
• cleaned_reply=$‘QUIT\r’
  ++ tr ‘\r’ ’ '
  ++ echo $‘QUIT\r’
• cleaned_reply='QUIT '
  ++ tr ‘\n’ ’ '
  ++ echo 'QUIT ’
• cleaned_reply='QUIT '
  ++ sed -e ‘s/ {1,}$//’
  ++ echo 'QUIT ’
• cleaned_reply=QUIT
• received QUIT
• trap error_handler ERR
• true QUIT
• echo ‘b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 GOT: QUIT’
• ‘[’ QUIT = ‘’ ‘]’
• read -r first_word _
• ‘[’ quit = authenticate ‘]’
• ‘[’ quit = quit ‘]’
• break
• echo 'b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 INFO: End.'
  tcpserver: end 15079 status 0
  tcpserver: status: 0/40
  [/code]

controlportfilt.log

0dfc0d53-58e7-45ca-b06a-610ef52721c1 BACK: 250 OK 0dfc0d53-58e7-45ca-b06a-610ef52721c1 GOT: QUIT 0dfc0d53-58e7-45ca-b06a-610ef52721c1 INFO: End. b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 INFO: Getting connection... cpf_pid: 15079 | LD_PRELOAD: b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 GOT: GETINFO status/bootstrap-phase b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 debug: ps_p_exit_code: 1 b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 BACK: 250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done" b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 BACK: 250 OK b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 GOT: QUIT b2c73fd5-79d5-4271-bd8e-cc6f790ab8f6 INFO: End.

root@host:/home/user# sudo -u debian-tor valgrind --leak-check=full --show-reachable=yes tcpserver -v -1 -l host -H 0 9052 /bin/bash -x -c /usr/lib/whonix/cpf-tcpserver ==16783== Memcheck, a memory error detector ==16783== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==16783== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==16783== Command: tcpserver -v -1 -l host -H 0 9052 /bin/bash -x -c /usr/lib/whonix/cpf-tcpserver ==16783== tcpserver: fatal: unable to bind: address already used ==16783== ==16783== HEAP SUMMARY: ==16783== in use at exit: 976 bytes in 1 blocks ==16783== total heap usage: 3 allocs, 2 frees, 2,496 bytes allocated ==16783== ==16783== 976 bytes in 1 blocks are still reachable in loss record 1 of 1 ==16783== at 0x4028308: malloc (vg_replace_malloc.c:263) ==16783== by 0x804DDB7: ??? (in /usr/bin/tcpserver) ==16783== by 0x804F819: ??? (in /usr/bin/tcpserver) ==16783== by 0x804F2F3: ??? (in /usr/bin/tcpserver) ==16783== by 0x804E98A: ??? (in /usr/bin/tcpserver) ==16783== by 0x804E4D5: ??? (in /usr/bin/tcpserver) ==16783== by 0x804BD95: ??? (in /usr/bin/tcpserver) ==16783== by 0x804C14C: ??? (in /usr/bin/tcpserver) ==16783== by 0x804B6A1: ??? (in /usr/bin/tcpserver) ==16783== by 0x8049C1A: ??? (in /usr/bin/tcpserver) ==16783== by 0x4055E45: (below main) (libc-start.c:244) ==16783== ==16783== LEAK SUMMARY: ==16783== definitely lost: 0 bytes in 0 blocks ==16783== indirectly lost: 0 bytes in 0 blocks ==16783== possibly lost: 0 bytes in 0 blocks ==16783== still reachable: 976 bytes in 1 blocks ==16783== suppressed: 0 bytes in 0 blocks ==16783== ==16783== For counts of detected and suppressed errors, rerun with: -v ==16783== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 11 from 6)

I’m out of my depth here but I can guess from the tutorial here: http://cs.ecs.baylor.edu/~donahoo/tools/valgrind/
that there is a memory allocation problem going on.