[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17417 [Tor]: fail self-test for cert_new in v0.2.8.0-alpha-dev NetBSD 6_Stable

Subject: Re: [tor-bugs] #17417 [Tor]: fail self-test for cert_new in v0.2.8.0-alpha-dev NetBSD 6_Stable
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 24 Oct 2015 18:35:12 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 24 Oct 2015 14:35:21 -0400
In-reply-to: <045.14f2182a6780eae8ee8553f9bc33a67c@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.14f2182a6780eae8ee8553f9bc33a67c@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17417: fail self-test for cert_new in v0.2.8.0-alpha-dev NetBSD 6_Stable
--------------------+------------------------------------
 Reporter:  yancm   |          Owner:
     Type:  defect  |         Status:  needs_review
 Priority:  Medium  |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor     |        Version:  Tor: unspecified
 Severity:  Normal  |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
  Sponsor:          |
--------------------+------------------------------------

Comment (by rl1987):

 Here's my reasoning. `tor_x509_cert_new()` allocates a `tor_x509_cert_t`
 object. `tor_x509_cert_free()` then frees it. At the end of the function,
 it tries to free it again. One of the ways to avoid double-freeing things
 is to set the pointer to NULL after first freeing the memory. Note that
 `ret` the pointer cannot be cleared inside `tor_x509_cert_free()` because
 `tor_x509_cert_free()` receives a ''new copy'' of that pointer and cannot
 do anything about the old copy in the testcase.

 If you compile Tor with non-cutting-edge OpenSSL, this portion of code
 will be compiled in:

 {{{
  #ifndef OPENSSL_OPAQUE
    cert = read_cert_from(validCertString);
    X509_CINF_free(cert->cert_info);
    cert->cert_info = NULL;
    ret = tor_x509_cert_new(cert);
    tt_assert(ret);
  #endif
 }}}
 Here, it creates a new `tor_x509_cert_t` object. If I refrained from
 freeing the memory before the new `tor_x509_cert_t` instance is created
 (like I did in my first patch), everyone would forget about the old
 instance and the memory would be leaked.

 Now, if I free the previous `tor_x509_cert_t` instance and nullify the
 pointer, there will be no memory leak regardless the `OPENSSL_OPAQUE`
 macro. And there is no double-free crashbug because
 `tor_x509_cert_free(NULL)` is no-op.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17417#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17417 [Tor]: fail self-test for cert_new in v0.2.8.0-alpha-dev NetBSD 6_Stable
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #17417 [Tor]: fail self-test for cert_new in v0.2.8.0-alpha-dev NetBSD 6_Stable
Next by Author: Re: [tor-bugs] #17417 [Tor]: fail self-test for cert_new in v0.2.8.0-alpha-dev NetBSD 6_Stable
Previous by thread: Re: [tor-bugs] #17417 [Tor]: fail self-test for cert_new in v0.2.8.0-alpha-dev NetBSD 6_Stable
Next by thread: Re: [tor-bugs] #17417 [Tor]: fail self-test for cert_new in v0.2.8.0-alpha-dev NetBSD 6_Stable
Index(es):
- Author
- Thread