[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/release-0.4.1] circpad_setup_machine_on_circ(): exit early on error.



commit 78bcfc1280b322ba57a10a116457616eeb742ab6
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Sat Mar 14 14:44:33 2020 -0400

    circpad_setup_machine_on_circ(): exit early on error.
    
    This function does a nonfatal assertion to make sure that a machine
    is not registered twice, but Tobias Pulls found a case where it
    happens.  Instead, make the function exit early so that it doesn't
    cause a remotely triggered memory leak.
    
    Fixes bug 33619; bugfix on 0.4.0.1-alpha.  This is also tracked as
    TROVE-2020-004.
---
 changes/ticket33619          | 5 +++++
 src/core/or/circuitpadding.c | 9 ++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/changes/ticket33619 b/changes/ticket33619
new file mode 100644
index 000000000..3c52858b3
--- /dev/null
+++ b/changes/ticket33619
@@ -0,0 +1,5 @@
+  o Major bugfixes (circuit padding, memory leaks):
+    - Avoid a remotely triggered memory leak in the case that a circuit
+      padding machine is somehow negotiated twice on the same circuit. Fixes
+      bug 33619; bugfix on 0.4.0.1-alpha.  Found by Tobias Pulls.  This is
+      also tracked as TROVE-2020-004.
diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c
index a62cdcf9e..72b770113 100644
--- a/src/core/or/circuitpadding.c
+++ b/src/core/or/circuitpadding.c
@@ -2381,9 +2381,12 @@ circpad_setup_machine_on_circ(circuit_t *on_circ,
     return;
   }
 
-  tor_assert_nonfatal(on_circ->padding_machine[machine->machine_index]
-                      == NULL);
-  tor_assert_nonfatal(on_circ->padding_info[machine->machine_index] == NULL);
+  IF_BUG_ONCE(on_circ->padding_machine[machine->machine_index] != NULL) {
+    return;
+  }
+  IF_BUG_ONCE(on_circ->padding_info[machine->machine_index] != NULL) {
+    return;
+  }
 
   /* Log message */
   if (CIRCUIT_IS_ORIGIN(on_circ)) {



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits