[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20715 [Core Tor/Tor]: memory leak in tor_cert_parse()

Subject: Re: [tor-bugs] #20715 [Core Tor/Tor]: memory leak in tor_cert_parse()
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 18 Nov 2016 16:58:27 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 18 Nov 2016 11:58:36 -0500
In-reply-to: <044.44df8a75d59706a95c0209e754504c93@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.44df8a75d59706a95c0209e754504c93@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20715: memory leak in tor_cert_parse()
--------------------------+------------------------------------
 Reporter:  arma          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.9.5-alpha
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by arma):

 signed_descriptor_move() looks interesting here:
 {{{
   ri = router_parse_entry_from_string(body,
 body+sd->signed_descriptor_len+sd->annotations_len,
                          0, 1, NULL, NULL);
   if (!ri)
     return NULL;
   signed_descriptor_move(&ri->cache_info, sd);
 }}}

 So in the router_parse_entry(), we make a new cert and assign it to
 {{{
       router->cache_info.signing_key_cert = cert;
 }}}

 But then in signed_descriptor_move we
 {{{
   memcpy(dest, src, sizeof(signed_descriptor_t));
 }}}

 Does that clobber the old ri->cache_info.signing_key_cert with whatever
 was in sd?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20715#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #20715 [Core Tor/Tor]: memory leak in tor_cert_parse()
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #20644 [Applications/TorBirdy]: torbirdy/thunderbird opens html-attachment in thunderbird and loads content from the internet
Next by Author: Re: [tor-bugs] #20502 [Core Tor/Tor]: Setting UseBridges=1 UseEntryGuards=0 means you bypass your bridges
Previous by thread: Re: [tor-bugs] #20715 [Core Tor/Tor]: memory leak in tor_cert_parse()
Next by thread: Re: [tor-bugs] #20715 [Core Tor/Tor]: memory leak in tor_cert_parse()
Index(es):
- Author
- Thread