[tor-commits] [tor/master] hs-v3: fix use after free in client auth config
nickm at torproject.org
nickm at torproject.org
Fri Feb 8 13:37:51 UTC 2019
commit 8de735f0681970ff688cb5e775dae812ed27aa62
Author: Suphanat Chunhapanya <haxx.pop at gmail.com>
Date: Tue Jan 15 12:12:31 2019 +0700
hs-v3: fix use after free in client auth config
We accidentally use `auth` after freeing it in
client_service_authorization_free. The way to solve it is to
free after using it.
---
src/feature/hs/hs_client.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 5fded92fe..e04f0cc0c 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1637,17 +1637,17 @@ hs_config_client_authorization(const or_options_t *options,
* as a key of global map in the future. */
if (hs_parse_address(auth->onion_address, &identity_pk,
NULL, NULL) < 0) {
- client_service_authorization_free(auth);
log_warn(LD_REND, "The onion address \"%s\" is invalid in "
"file %s", filename, auth->onion_address);
+ client_service_authorization_free(auth);
continue;
}
if (digest256map_get(auths, identity_pk.pubkey)) {
- client_service_authorization_free(auth);
log_warn(LD_REND, "Duplicate authorization for the same hidden "
"service address %s.",
safe_str_client(auth->onion_address));
+ client_service_authorization_free(auth);
goto end;
}
More information about the tor-commits
mailing list