[tor-commits] [tor/master] SOCKS: Always free username/password before setting them.

Sun Jul 15 21:07:27 UTC 2018

commit 04512d9fcd03bde1cedfa09f208a4c410172fe22
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Jul 12 14:20:56 2018 -0400

    SOCKS: Always free username/password before setting them.
    
    This fixes a memory leak found by fuzzing.
---
 src/core/proto/proto_socks.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c
index 530436c41..9cc9568a4 100644
--- a/src/core/proto/proto_socks.c
+++ b/src/core/proto/proto_socks.c
@@ -174,6 +174,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req,
       goto end;
     }
 
+    tor_free(req->username);
     req->got_auth = 1;
     req->username = tor_strdup(username);
     req->usernamelen = usernamelen;
@@ -445,6 +446,7 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req,
    socks5_client_userpass_auth_getconstarray_passwd(trunnel_req);
 
   if (usernamelen && username) {
+    tor_free(req->username);
     req->username = tor_memdup_nulterm(username, usernamelen);
     req->usernamelen = usernamelen;
 
@@ -452,6 +454,7 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req,
   }
 
   if (passwordlen && password) {
+    tor_free(req->password);
     req->password = tor_memdup_nulterm(password, passwordlen);
     req->passwordlen = passwordlen;
 



