[tor-commits] [tor/master] router: Fix memory leak in signed_descriptor_move()

nickm at torproject.org nickm at torproject.org
Fri Dec 9 13:31:16 UTC 2016


commit 9bb3bcbc414f8845d025e6bf74ffdf6be96a5ebe
Author: David Goulet <dgoulet at torproject.org>
Date:   Thu Dec 8 11:46:52 2016 -0500

    router: Fix memory leak in signed_descriptor_move()
    
    The signed_descriptor_move() was not releasing memory inside the destination
    object before overwriting it with the source object. This commit adds a reset
    function that free that memory inside a signed descriptor object and zero it.
    
    Closes #20715.
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 changes/bug20715    |  4 ++++
 src/or/routerlist.c | 13 +++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/changes/bug20715 b/changes/bug20715
new file mode 100644
index 0000000..737a560
--- /dev/null
+++ b/changes/bug20715
@@ -0,0 +1,4 @@
+  o Minor bugfixes (memory leak)
+    - When moving a signed descriptor object from a source to an existing
+      destination, free the allocated memory inside that destination object.
+      Bugfix on tor-0.2.8.3-alpha; Closes #20715.
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 56c0522..b876795 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -3235,6 +3235,17 @@ signed_descriptor_free(signed_descriptor_t *sd)
   tor_free(sd);
 }
 
+/** Reset the given signed descriptor <b>sd</b> by freeing the allocated
+ * memory inside the object and by zeroing its content. */
+static void
+signed_descriptor_reset(signed_descriptor_t *sd)
+{
+  tor_assert(sd);
+  tor_free(sd->signed_descriptor_body);
+  tor_cert_free(sd->signing_key_cert);
+  memset(sd, 0, sizeof(*sd));
+}
+
 /** Copy src into dest, and steal all references inside src so that when
  * we free src, we don't mess up dest. */
 static void
@@ -3242,6 +3253,8 @@ signed_descriptor_move(signed_descriptor_t *dest,
                        signed_descriptor_t *src)
 {
   tor_assert(dest != src);
+  /* Cleanup destination object before overwriting it.*/
+  signed_descriptor_reset(dest);
   memcpy(dest, src, sizeof(signed_descriptor_t));
   src->signed_descriptor_body = NULL;
   src->signing_key_cert = NULL;





More information about the tor-commits mailing list