[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/maint-0.2.2] Fix double-free bug in microdesc parser
commit 247cbab6c8a37c5e6225bfd60491b071a29331e4
Author: cypherpunks <writecode@xxxxxxxxx>
Date: Wed Apr 27 11:10:56 2011 -0700
Fix double-free bug in microdesc parser
---
changes/microdesc-double-free | 7 +++++++
src/or/routerparse.c | 1 +
2 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/changes/microdesc-double-free b/changes/microdesc-double-free
new file mode 100644
index 0000000..932cc75
--- /dev/null
+++ b/changes/microdesc-double-free
@@ -0,0 +1,7 @@
+ o Security fixes:
+ - Don't double-free a parsable, but invalid, microdescriptor, even
+ if it is followed in the blob we're parsing by an unparsable
+ microdescriptor. Fixes an issue reported in a comment on bug 2954.
+ Bugfix on 0.2.2.6-alpha; fix by "cypherpunks".
+
+
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index ba29f05..d0138e6 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -4357,6 +4357,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
md = NULL;
next:
microdesc_free(md);
+ md = NULL;
memarea_clear(area);
smartlist_clear(tokens);
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits