Fix use-after-free bug in storage_dir sandbox code.

Nick Mathewson 2017-04-26 08:43:38 -04:00
parent 7b8d48a6cb
commit 16d6ab6640


@ -89,11 +89,12 @@ storage_dir_register_with_sandbox(storage_dir_t *d, sandbox_cfg_t **cfg)
tor_asprintf(&path, "%s/%d", d->directory, idx);
tor_asprintf(&tmppath, "%s/%d.tmp", d->directory, idx);
problems += sandbox_cfg_allow_open_filename(cfg, path);
problems += sandbox_cfg_allow_open_filename(cfg, tmppath);
problems += sandbox_cfg_allow_stat_filename(cfg, path);
problems += sandbox_cfg_allow_stat_filename(cfg, tmppath);
problems += sandbox_cfg_allow_rename(cfg, tmppath, path);
problems += sandbox_cfg_allow_open_filename(cfg, tor_strdup(path));
problems += sandbox_cfg_allow_open_filename(cfg, tor_strdup(tmppath));
problems += sandbox_cfg_allow_stat_filename(cfg, tor_strdup(path));
problems += sandbox_cfg_allow_stat_filename(cfg, tor_strdup(tmppath));
problems += sandbox_cfg_allow_rename(cfg,
tor_strdup(tmppath), tor_strdup(path));
tor_free(path);
tor_free(tmppath);
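Review bot: The `tor_strdup()` arguments in the new calls rely on an ownership rule that nothing in the hunk states: the `sandbox_cfg_allow_*` functions apparently keep the pointer they are given, which is why the old code left the sandbox configuration holding freed memory once `tor_free(path)` and `tor_free(tmppath)` ran. A short comment above the first call, e.g. `/* sandbox_cfg_allow_* keep the string they are passed; hand over copies, because path and tmppath are freed below. */`, would stop a later cleanup from reintroducing the use-after-free. The callees are not visible here, so it is also worth confirming that they release the copy when they return an error or when the sandbox is compiled out; otherwise each duplicated string leaks on that path. The body of storage_dir_register_with_sandbox starts and ends outside this hunk.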