[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] [tor/master 1/2] Fix a read of a freed pointer while in set_current_consensus
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Wed, 20 Oct 2010 12:34:02 -0400
Subject: Fix a read of a freed pointer while in set_current_consensus
Commit: 98aee8472f8028260f85b69499fa892060c9534c
Found by rransom while working on issue #988. Bugfix on
0.2.2.17-alpha. Fixes bug 2097.
---
changes/set_ns_crash | 4 ++++
src/or/networkstatus.c | 18 +++++++++++-------
2 files changed, 15 insertions(+), 7 deletions(-)
create mode 100644 changes/set_ns_crash
diff --git a/changes/set_ns_crash b/changes/set_ns_crash
new file mode 100644
index 0000000..34466d7
--- /dev/null
+++ b/changes/set_ns_crash
@@ -0,0 +1,4 @@
+ o Major bugfixes:
+ - Avoid a crash bug triggered by looking at a dangling pointer while
+ setting the network status consensus. Found by Robert Ransom.
+ Bugfix on 0.2.2.17-alpha. Fixes bug 2097.
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 1d8a20b..27049d9 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -1706,6 +1706,10 @@ networkstatus_set_current_consensus(const char *consensus,
if (current_consensus) {
networkstatus_copy_old_consensus_info(c, current_consensus);
networkstatus_vote_free(current_consensus);
+ /* Defensive programming : we should set current_consensus very soon,
+ * but we're about to call some stuff in the meantime, and leaving this
+ * dangling pointer around has proven to be trouble. */
+ current_consensus = NULL;
}
}
@@ -1731,13 +1735,6 @@ networkstatus_set_current_consensus(const char *consensus,
download_status_failed(&consensus_dl_status[flav], 0);
}
- if (directory_caches_dir_info(options)) {
- dirserv_set_cached_consensus_networkstatus(consensus,
- flavor,
- &c->digests,
- c->valid_after);
- }
-
if (flav == USABLE_CONSENSUS_FLAVOR) {
current_consensus = c;
c = NULL; /* Prevent free. */
@@ -1754,6 +1751,13 @@ networkstatus_set_current_consensus(const char *consensus,
circuit_build_times_new_consensus_params(&circ_times, current_consensus);
}
+ if (directory_caches_dir_info(options)) {
+ dirserv_set_cached_consensus_networkstatus(consensus,
+ flavor,
+ &c->digests,
+ c->valid_after);
+ }
+
if (!from_cache) {
write_str_to_file(consensus_fname, consensus, 0);
}
--
1.7.1