From 0bd68bf98617607f5ca0f98e4d67bf66c6b5b210 Mon Sep 17 00:00:00 2001 From: Donncha O'Cearbhaill Date: Mon, 3 Aug 2015 17:37:09 +0200 Subject: [PATCH] Clean up service-side descriptor cache and fix potential double-free. Entries in the service-side descriptor cache are now cleaned when rend_cache_free_all() is called. The call to tor_free(intro_content) in rend_cache_store_v2_desc_as_service() is moved to prevent a potential double-free when a service has a descriptor with a newer timestamp already in it's service-side descriptor cache. --- src/or/rendcache.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/or/rendcache.c b/src/or/rendcache.c index 0abfeb50ca..7617e9db28 100644 --- a/src/or/rendcache.c +++ b/src/or/rendcache.c @@ -222,9 +222,11 @@ rend_cache_free_all(void) { strmap_free(rend_cache, rend_cache_entry_free_); digestmap_free(rend_cache_v2_dir, rend_cache_entry_free_); + strmap_free(rend_cache_service, rend_cache_entry_free_); strmap_free(rend_cache_failure, rend_cache_failure_entry_free_); rend_cache = NULL; rend_cache_v2_dir = NULL; + rend_cache_service = NULL; rend_cache_failure = NULL; rend_cache_total_allocation = 0; } @@ -715,8 +717,6 @@ rend_cache_store_v2_desc_as_service(const char *desc) log_warn(LD_REND, "Couldn't compute service ID."); goto err; } - /* We don't care about the introduction points. */ - tor_free(intro_content); /* Do we already have a newer descriptor? Allow new descriptors with a rounded timestamp equal to or newer than the current descriptor */ @@ -726,6 +726,8 @@ rend_cache_store_v2_desc_as_service(const char *desc) "service ID %s.", safe_str_client(service_id)); goto okay; } + /* We don't care about the introduction points. */ + tor_free(intro_content); if (!e) { e = tor_malloc_zero(sizeof(rend_cache_entry_t)); strmap_set_lc(rend_cache_service, service_id, e);