replicable server crash by control message on win2k

I found this while trying to implement the password authentication of the tor control protocol. On Windows 2000 Professional, tor 0.1.0.8-rc, the server can be replicably crashed by the following procedure:

set a HashedControlPassword in the torrc
start tor
open a local tcp connection to the ControlPort
send a byte sequence like 00 04 00 07 49 50 51 00 (4 bytes length, message type AUTHENTICATE, any password [in this case "123"], null terminator)

On my machine, the server crashes immediately. Example log:

Jun 04 21:54:35.046 [notice] Tor v0.1.0.8-rc. This is experimental software. Do not rely on it for strong anonymity. Jun 04 21:54:35.109 [notice] Initialized libevent version 1.1 using method win32 Jun 04 21:54:48.437 [err] crypto_seed_rng(): Can't get CryptoAPI provider [2], error code: 8009000f Jun 04 21:54:50.625 [notice] router_orport_found_reachable(): Your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Jun 04 21:54:50.765 [notice] Tor has successfully opened a circuit. Looks like it's working. Jun 04 21:54:51.406 [notice] directory_handle_command_get(): Client asked for the mirrored directory, but we don't have a good one yet. Sending 503 Dir not available. Jun 04 21:55:01.703 [err] _tor_malloc(): Out of memory. Dying.

At the time of testing, the machine had >200 MB of physical RAM available, so it's not an actual memory shortage.

Some lines of my torrc:

ControlPort 9696 ClientOnly 1 HashedControlPassword oGd9L4OZ3aBgsMS4044OjH1UDd0tYfh3E1RZZcY= #CookieAuthentication 1

The rest are just standard settings.

[Automatically added by flyspray2trac: Operating System: Windows 2k/XP]

Trac:
Username: rm

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information