[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/maint-0.2.2] Fix double-free bug in microdesc parser



commit 247cbab6c8a37c5e6225bfd60491b071a29331e4
Author: cypherpunks <writecode@xxxxxxxxx>
Date:   Wed Apr 27 11:10:56 2011 -0700

    Fix double-free bug in microdesc parser
---
 changes/microdesc-double-free |    7 +++++++
 src/or/routerparse.c          |    1 +
 2 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/changes/microdesc-double-free b/changes/microdesc-double-free
new file mode 100644
index 0000000..932cc75
--- /dev/null
+++ b/changes/microdesc-double-free
@@ -0,0 +1,7 @@
+  o Security fixes:
+    - Don't double-free a parsable, but invalid, microdescriptor, even
+      if it is followed in the blob we're parsing by an unparsable
+      microdescriptor.  Fixes an issue reported in a comment on bug 2954.
+      Bugfix on 0.2.2.6-alpha; fix by "cypherpunks".
+
+
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index ba29f05..d0138e6 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -4357,6 +4357,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
     md = NULL;
   next:
     microdesc_free(md);
+    md = NULL;
 
     memarea_clear(area);
     smartlist_clear(tokens);

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits