
[tor-commits] [tor/master] Fix use-after-free of stack memory in getinfo_helper_policies



commit 3f83ea84c73e5066eaac87080322f13fc0c7ab91
Author: teor (Tim Wilson-Brown) <teor2345@xxxxxxxxx>
Date:   Fri Nov 27 09:31:47 2015 +1100

    Fix use-after-free of stack memory in getinfo_helper_policies
---
 src/or/policies.c |   12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/or/policies.c b/src/or/policies.c
index a46eb96..126ba46 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -2165,11 +2165,11 @@ getinfo_helper_policies(control_connection_t *conn,
     smartlist_t *private_policy_list = smartlist_new();
     smartlist_t *configured_addresses = smartlist_new();
 
-    /* Add the configured addresses to the tor_addr_t* list */
-    policies_add_ipv4h_to_smartlist(configured_addresses, me->addr);
-    policies_add_addr_to_smartlist(configured_addresses, &me->ipv6_addr);
-    policies_add_outbound_addresses_to_smartlist(configured_addresses,
-                                                 options);
+    /* Copy the configured addresses into the tor_addr_t* list */
+    policies_copy_ipv4h_to_smartlist(configured_addresses, me->addr);
+    policies_copy_addr_to_smartlist(configured_addresses, &me->ipv6_addr);
+    policies_copy_outbound_addresses_to_smartlist(configured_addresses,
+                                                  options);
 
     policies_parse_exit_policy_reject_private(
                                             &private_policy_list,
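Review bot: `me->addr` and `&me->ipv6_addr` are dereferenced in the copy calls with no NULL check visible between the declarations at the top of this hunk and the first use. The assignment of `me` is outside the hunk; if it comes from `router_get_my_routerinfo()` as in the `exit-policy/` branch at the end of the next hunk, and that lookup can return NULL, this control-port query would dereference a null pointer, so please confirm a guard exists. If one is added, place it before the two `smartlist_new()` calls, or free both lists on the error path, so the early return does not leak them. The body of getinfo_helper_policies starts and ends outside this hunk.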
@@ -2179,7 +2179,7 @@ getinfo_helper_policies(control_connection_t *conn,
     *answer = policy_dump_to_string(private_policy_list, 1, 1);
 
     addr_policy_list_free(private_policy_list);
-    /* the addresses in configured_addresses are not ours to free */
+    SMARTLIST_FOREACH(configured_addresses, tor_addr_t *, a, tor_free(a));
     smartlist_free(configured_addresses);
   } else if (!strcmpstart(question, "exit-policy/")) {
     const routerinfo_t *me = router_get_my_routerinfo();
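Review bot: The new `SMARTLIST_FOREACH(configured_addresses, tor_addr_t *, a, tor_free(a));` line replaces the old ownership comment with nothing, so the reversed invariant is not stated anywhere in the function. I would add `/* configured_addresses owns the heap copies made above: free each element, then the list */` above the loop. The comment in the first hunk could likewise say why copies are needed, e.g. `/* Copy (not borrow) the configured addresses: the list must own heap tor_addr_t values, freed below */`, so a later cleanup does not switch back to the `policies_add_*` variants. Any return added between the copy calls and this loop would leak the elements, which is worth noting in the same comment.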


