Handle API control port socket better
As part of Sponsor 96, Guardian Project found an issue on Android via Android's file descriptor sanitizer, which reveals that we have a potential double close() call in tor_main_configuration_free() as part of our public API, which will happen every time Tor exits normally.
The problem here is that in case everything goes well and Tor exits normally, Tor's main loop will close the fd, which will later be closed when the API consumer calls tor_main_configuration_free().
We need to invalidate the socket in the main loop when we close it, such that tor_main_configuration_free() knows not to close it.
This is also being tracked in https://github.com/guardianproject/tor-android/issues/57
One workaround here for now for the JNI interface could be:
diff --git a/src/feature/api/org_torproject_jni_TorService.c b/src/feature/api/org_torproject_jni_TorService.c
index 856f64a8d7..f3cda197b7 100644
--- a/src/feature/api/org_torproject_jni_TorService.c
+++ b/src/feature/api/org_torproject_jni_TorService.c
@@ -240,6 +240,7 @@ Java_org_torproject_jni_TorService_mainConfigurationFree
fprintf(stderr, "ConfigurationFree: The Tor configuration is NULL!\n");
return;
}
+ cfg->owning_controller_socket = -1;
tor_main_configuration_free(cfg);
}
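Review bot: the unconditional cfg->owning_controller_socket = -1 placed directly before tor_main_configuration_free(cfg) discards the descriptor on every path, so when the main loop has not already closed the socket nothing closes it and the fd leaks until the process ends. The assignment also lives only in the JNI wrapper, so other consumers of the public API that call tor_main_configuration_free() after a normal exit still reach the second close(). Consider setting the field to -1 at the point where the main loop closes the socket, so that the free function still closes a descriptor that remains valid, and add a comment here stating that this line is a temporary workaround.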
which causes SOCKET_OK() to return false and thus not double free it. This comes with the price that if Tor exits due to an error, there may be a missing call to close() here.
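The close-and-invalidate pattern proposed above, as an added example that is not Tor's code: it shows why the stale close matters (the kernel hands the same fd number to the next open, so the second close() lands on an unrelated descriptor) and how invalidating at the first close prevents it. demo_cfg_t, demo_main_loop_exit, demo_cfg_free and unrelated_fd_survives are hypothetical names; only the field name owning_controller_socket is taken from the patch.

```c
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for the API configuration object; not Tor's struct. */
typedef struct { int owning_controller_socket; /* -1 = none owned */ } demo_cfg_t;

/* Close *fd once and invalidate it so later cleanup skips it. */
static void close_and_invalidate(int *fd)
{
  if (*fd >= 0) {
    close(*fd);
    *fd = -1;
  }
}

/* Simulated main-loop exit. invalidate == 0 reproduces the reported bug:
 * the fd is closed but its stale number stays in the configuration. */
static void demo_main_loop_exit(demo_cfg_t *cfg, int invalidate)
{
  if (invalidate)
    close_and_invalidate(&cfg->owning_controller_socket);
  else
    close(cfg->owning_controller_socket);
}

/* Simulated API free: closes the socket only if it is still marked valid. */
static void demo_cfg_free(demo_cfg_t *cfg)
{
  close_and_invalidate(&cfg->owning_controller_socket);
}

/* Returns 1 if an unrelated fd opened after the main loop exits is still
 * open after demo_cfg_free(), 0 if the stale close hit it, -1 on setup error. */
int unrelated_fd_survives(int invalidate)
{
  int sv[2];
  demo_cfg_t cfg;
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
    return -1;
  cfg.owning_controller_socket = sv[0];
  demo_main_loop_exit(&cfg, invalidate);
  int other = open("/dev/null", O_RDONLY); /* reuses the lowest free fd number */
  demo_cfg_free(&cfg);
  int alive = (other >= 0 && fcntl(other, F_GETFD) != -1);
  if (alive)
    close(other);
  close(sv[1]);
  return alive;
}
```

On Android the first case is what the file descriptor sanitizer reports; on other platforms it silently closes whichever descriptor inherited the number.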