[tor-commits] [tor/release-0.2.9] Fix CID 1430932

nickm at torproject.org nickm at torproject.org
Tue Mar 27 22:26:47 UTC 2018


commit 4bb7d9fd1241a3c263636efa03ee8c62ab744515
Author: Taylor Yu <catalyst at torproject.org>
Date:   Mon Mar 26 17:51:50 2018 -0500

    Fix CID 1430932
    
    Coverity found a null pointer reference in nodelist_add_microdesc().
    This is almost certainly impossible assuming that the routerstatus_t
    returned by router_get_consensus_status_by_descriptor_digest() always
    corresponds to an entry in the nodelist.  Fixes bug 25629.
---
 changes/bug25629  |  3 +++
 src/or/nodelist.c | 13 ++++++-------
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/changes/bug25629 b/changes/bug25629
new file mode 100644
index 000000000..190928a94
--- /dev/null
+++ b/changes/bug25629
@@ -0,0 +1,3 @@
+  o Minor bugfixes (C correctness):
+    - Fix a very unlikely null pointer dereference.  Fixes bug 25629;
+      bugfix on 0.2.9.15.  Found by Coverity; this is CID 1430932.
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index 5a02648c5..26f990b08 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -263,13 +263,12 @@ nodelist_add_microdesc(microdesc_t *md)
   if (rs == NULL)
     return NULL;
   node = node_get_mutable_by_id(rs->identity_digest);
-  if (node) {
-    if (node->md)
-      node->md->held_by_nodes--;
-    node->md = md;
-    md->held_by_nodes++;
-  }
-
+  if (node == NULL)
+    return NULL;
+  if (node->md)
+    node->md->held_by_nodes--;
+  node->md = md;
+  md->held_by_nodes++;
   node_add_to_address_set(node);
 
   return node;





More information about the tor-commits mailing list