[tor-commits] [tor/maint-0.2.2] Free rend_data and intro_key when extra intro circs become general-purpose
nickm at torproject.org
nickm at torproject.org
Thu Oct 20 04:00:47 UTC 2011
commit 739c21e97b5c78ee76c7283993e7ca01f6d3beec
Author: Robert Ransom <rransom.8774 at gmail.com>
Date: Tue Oct 18 07:08:02 2011 -0700
Free rend_data and intro_key when extra intro circs become general-purpose
---
changes/bug4251 | 8 ++++++++
src/or/rendservice.c | 13 +++++++++++++
2 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/changes/bug4251 b/changes/bug4251
new file mode 100644
index 0000000..303c9e6
--- /dev/null
+++ b/changes/bug4251
@@ -0,0 +1,8 @@
+ o Minor bugfixes:
+
+ - When a hidden service turns an extra service-side introduction
+ circuit into a general-purpose circuit, free the rend_data and
+ intro_key fields first, so they won't be leaked if the circuit
+ is cannibalized for use as another service-side introduction
+ circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.
+
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 6ed9650..0f57319 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1421,7 +1421,20 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
log_info(LD_CIRC|LD_REND, "We have just finished an introduction "
"circuit, but we already have enough. Redefining purpose to "
"general; leaving as internal.");
+
TO_CIRCUIT(circuit)->purpose = CIRCUIT_PURPOSE_C_GENERAL;
+
+ {
+ rend_data_t *rend_data = circuit->rend_data;
+ circuit->rend_data = NULL;
+ rend_data_free(rend_data);
+ }
+ {
+ crypto_pk_env_t *intro_key = circuit->intro_key;
+ circuit->intro_key = NULL;
+ crypto_free_pk_env(intro_key);
+ }
+
circuit_has_opened(circuit);
return;
}
More information about the tor-commits
mailing list