[or-cvs] r13343: Backport leak fixes from r13148. (in tor/branches/tor-0_1_2-patches: . src/or)

nickm at seul.org nickm at seul.org
Wed Jan 30 23:46:02 UTC 2008


Author: nickm
Date: 2008-01-30 18:46:02 -0500 (Wed, 30 Jan 2008)
New Revision: 13343

Modified:
   tor/branches/tor-0_1_2-patches/
   tor/branches/tor-0_1_2-patches/ChangeLog
   tor/branches/tor-0_1_2-patches/src/or/config.c
   tor/branches/tor-0_1_2-patches/src/or/control.c
   tor/branches/tor-0_1_2-patches/src/or/onion.c
   tor/branches/tor-0_1_2-patches/src/or/rendservice.c
   tor/branches/tor-0_1_2-patches/src/or/router.c
   tor/branches/tor-0_1_2-patches/src/or/routerlist.c
   tor/branches/tor-0_1_2-patches/src/or/routerparse.c
Log:
 r17856 at catbus:  nickm | 2008-01-30 18:45:36 -0500
 Backport leak fixes from r13148.



Property changes on: tor/branches/tor-0_1_2-patches
___________________________________________________________________
 svk:merge ticket from /tor/012 [r17856] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/branches/tor-0_1_2-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_1_2-patches/ChangeLog	2008-01-30 22:52:46 UTC (rev 13342)
+++ tor/branches/tor-0_1_2-patches/ChangeLog	2008-01-30 23:46:02 UTC (rev 13343)
@@ -2,7 +2,10 @@
   o Minor bugfixes
     - Stop recommending that every server operator send mail to tor-ops.
       Resolves bug 597.
+    - Fix a few memory leaks that could in theory happen under bizarre error
+      conditions.
 
+
 Changes in version 0.1.2.19 - 2008-01-17
   Tor 0.1.2.19 fixes a huge memory leak on exit relays, makes the default
   exit policy a little bit more conservative so it's safer to run an

Modified: tor/branches/tor-0_1_2-patches/src/or/config.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/config.c	2008-01-30 22:52:46 UTC (rev 13342)
+++ tor/branches/tor-0_1_2-patches/src/or/config.c	2008-01-30 23:46:02 UTC (rev 13343)
@@ -936,6 +936,8 @@
       if (parse_redirect_line(sl, cl, &errmsg)<0) {
         log_warn(LD_CONFIG, "%s", errmsg);
         tor_free(errmsg);
+        SMARTLIST_FOREACH(sl, exit_redirect_t *, er, tor_free(er));
+        smartlist_free(sl);
         return -1;
       }
     }
@@ -1808,6 +1810,7 @@
       smartlist_clear(lines);
     }
   }
+  smartlist_free(lines);
 }
 
 /** Last value actually set by resolve_my_address. */

Modified: tor/branches/tor-0_1_2-patches/src/or/control.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/control.c	2008-01-30 22:52:46 UTC (rev 13342)
+++ tor/branches/tor-0_1_2-patches/src/or/control.c	2008-01-30 23:46:02 UTC (rev 13343)
@@ -668,6 +668,7 @@
             connection_write_str_to_buf("551 Couldn't parse string\r\n", conn);
             SMARTLIST_FOREACH(entries, char *, cp, tor_free(cp));
             smartlist_free(entries);
+            tor_free(key);
             return 0;
           }
         }
@@ -1276,6 +1277,7 @@
     res = dirserv_get_routerdescs(descs, url, &msg);
     if (res) {
       log_warn(LD_CONTROL, "getinfo '%s': %s", question, msg);
+      smartlist_free(descs);
       return -1;
     }
     SMARTLIST_FOREACH(descs, signed_descriptor_t *, sd,

Modified: tor/branches/tor-0_1_2-patches/src/or/onion.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/onion.c	2008-01-30 22:52:46 UTC (rev 13342)
+++ tor/branches/tor-0_1_2-patches/src/or/onion.c	2008-01-30 23:46:02 UTC (rev 13343)
@@ -335,14 +335,14 @@
   len = crypto_dh_compute_secret(handshake_state, handshake_reply, DH_KEY_LEN,
                                  key_material, 20+key_out_len);
   if (len < 0)
-    return -1;
+    goto err;
 
   if (memcmp(key_material, handshake_reply+DH_KEY_LEN, 20)) {
     /* H(K) does *not* match. Something fishy. */
     tor_free(key_material);
     log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on onion handshake. "
              "Bug or attack.");
-    return -1;
+    goto err;
   }
 
   /* use the rest of the key material for our shared keys, digests, etc */
@@ -356,6 +356,9 @@
 
   tor_free(key_material);
   return 0;
+ err:
+  tor_free(key_material);
+  return -1;
 }
 
 /** Implement the server side of the CREATE_FAST abbreviated handshake.  The
@@ -428,6 +431,7 @@
     /* H(K) does *not* match. Something fishy. */
     log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on fast handshake. "
              "Bug or attack.");
+    tor_free(out);
     return -1;
   }
   memcpy(key_out, out+DIGEST_LEN, key_out_len);

Modified: tor/branches/tor-0_1_2-patches/src/or/rendservice.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/rendservice.c	2008-01-30 22:52:46 UTC (rev 13342)
+++ tor/branches/tor-0_1_2-patches/src/or/rendservice.c	2008-01-30 23:46:02 UTC (rev 13343)
@@ -254,6 +254,7 @@
         log_warn(LD_CONFIG,
                  "Got multiple HiddenServiceNodes lines for a single "
                  "service.");
+        rend_service_free(service);
         return -1;
       }
       service->intro_prefer_nodes = tor_strdup(line->value);
@@ -263,6 +264,7 @@
         log_warn(LD_CONFIG,
                  "Got multiple HiddenServiceExcludedNodes lines for "
                  "a single service.");
+        rend_service_free(service);
         return -1;
       }
       service->intro_exclude_nodes = tor_strdup(line->value);
@@ -553,7 +555,7 @@
   if (len != REND_COOKIE_LEN+DH_KEY_LEN) {
     log_warn(LD_PROTOCOL, "Bad length %u for INTRODUCE2 cell.", (int)len);
     reason = END_CIRC_REASON_TORPROTOCOL;
-    return -1;
+    goto err;
   }
 
   r_cookie = ptr;

Modified: tor/branches/tor-0_1_2-patches/src/or/router.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/router.c	2008-01-30 22:52:46 UTC (rev 13342)
+++ tor/branches/tor-0_1_2-patches/src/or/router.c	2008-01-30 23:46:02 UTC (rev 13343)
@@ -249,8 +249,10 @@
   if (!server_mode(options)) {
     if (!(prkey = crypto_new_pk_env()))
       return -1;
-    if (crypto_pk_generate_key(prkey))
+    if (crypto_pk_generate_key(prkey)) {
+      crypto_free_pk_env(prkey);
       return -1;
+    }
     set_identity_key(prkey);
     /* Create a TLS context; default the client nickname to "client". */
     if (tor_tls_context_new(get_identity_key(),

Modified: tor/branches/tor-0_1_2-patches/src/or/routerlist.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/routerlist.c	2008-01-30 22:52:46 UTC (rev 13342)
+++ tor/branches/tor-0_1_2-patches/src/or/routerlist.c	2008-01-30 23:46:02 UTC (rev 13343)
@@ -619,14 +619,14 @@
   routerstatus_t *result;
   time_t now = time(NULL);
 
+  if (!trusted_dir_servers)
+    return NULL;
+
   direct = smartlist_create();
   tunnel = smartlist_create();
   overloaded_direct = smartlist_create();
   overloaded_tunnel = smartlist_create();
 
-  if (!trusted_dir_servers)
-    return NULL;
-
   SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, d,
     {
       int is_overloaded =

Modified: tor/branches/tor-0_1_2-patches/src/or/routerparse.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/routerparse.c	2008-01-30 22:52:46 UTC (rev 13342)
+++ tor/branches/tor-0_1_2-patches/src/or/routerparse.c	2008-01-30 23:46:02 UTC (rev 13343)
@@ -533,6 +533,7 @@
   }
   if (tok->tp != K_DIR_SIGNING_KEY) {
     log_warn(LD_DIR, "Dir-signing-key token did not parse as expected");
+    token_free(tok);
     return NULL;
   }
 
@@ -541,6 +542,7 @@
     tok->key = NULL; /* steal reference. */
   } else {
     log_warn(LD_DIR, "Dir-signing-key token contained no key");
+    token_free(tok);
     return NULL;
   }
 
@@ -778,7 +780,7 @@
 
   if (router_get_router_hash(s, digest) < 0) {
     log_warn(LD_DIR, "Couldn't compute router hash.");
-    return NULL;
+    goto err;
   }
   tokens = smartlist_create();
   if (tokenize_string(s,end,tokens,RTR)) {



More information about the tor-commits mailing list