From 8c8941eb297a166aa7b1b915a543bf97b3a63039 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= Date: Sat, 23 Jun 2018 00:44:33 +0200 Subject: [PATCH 1/4] Fix potential memory leak in hs_helper_build_intro_point(). This patch fixes a potential memory leak in hs_helper_build_intro_point() where a `goto done` is called before the `intro_point` variable have been assigned to the value of the `ip` variable. See: Coverity CID 1437460 See: Coverity CID 1437456 --- src/test/hs_test_helpers.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/test/hs_test_helpers.c b/src/test/hs_test_helpers.c index 3f0d6a9413..f7e054b1d1 100644 --- a/src/test/hs_test_helpers.c +++ b/src/test/hs_test_helpers.c @@ -85,6 +85,9 @@ hs_helper_build_intro_point(const ed25519_keypair_t *signing_kp, time_t now, intro_point = ip; done: + if (intro_point == NULL) + tor_free(ip); + return intro_point; } From dc2384da30cae716f512dedef37d27f00c43f29d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= Date: Sat, 23 Jun 2018 10:27:10 +0200 Subject: [PATCH 2/4] Fix potential memory leak in hs_helper_build_hs_desc_impl(). This patch fixes a memory leak in hs_helper_build_hs_desc_impl() where if a test assertion would fail we would leak the storage that `desc` points to. See: Coverity CID 1437448 --- src/test/hs_test_helpers.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/test/hs_test_helpers.c b/src/test/hs_test_helpers.c index f7e054b1d1..dcd58bc5fd 100644 --- a/src/test/hs_test_helpers.c +++ b/src/test/hs_test_helpers.c @@ -142,6 +142,9 @@ hs_helper_build_hs_desc_impl(unsigned int no_ip, descp = desc; done: + if (descp == NULL) + tor_free(desc); + return descp; } From d86c45bf5cc75a526b884a754d72ef4d11aa0693 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= Date: Sat, 23 Jun 2018 10:33:40 +0200 Subject: [PATCH 3/4] Fix memory leak in client_likes_consensus(). This patches fixes a memory leak in client_likes_consensus() where if consensus_cache_entry_get_voter_id_digests() would fail we would return without having free'd the voters list. See: Coverity CID 1437447 --- src/or/directory.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/or/directory.c b/src/or/directory.c index 5ceea2fb32..f52354356d 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -3499,6 +3499,7 @@ client_likes_consensus(const struct consensus_cache_entry_t *ent, int have = 0; if (consensus_cache_entry_get_voter_id_digests(ent, voters) != 0) { + smartlist_free(voters); return 1; // We don't know the voters; assume the client won't mind. */ } From 8550016e6f5e2780259f5073e34e67708e4e87ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= Date: Sat, 23 Jun 2018 12:52:04 +0200 Subject: [PATCH 4/4] Fix memory leak in test_channelpadding_consensus(). The relay variable is always allocated, but might not be freed before we return from this function. See: Coverity CID 1437431 --- src/test/test_channelpadding.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/test/test_channelpadding.c b/src/test/test_channelpadding.c index d54c9cc52c..0bc9699feb 100644 --- a/src/test/test_channelpadding.c +++ b/src/test/test_channelpadding.c @@ -745,6 +745,8 @@ test_channelpadding_consensus(void *arg) tt_i64_op(val, OP_LE, 24*60*60*2); done: + tor_free(relay); + free_mock_consensus(); free_fake_channeltls((channel_tls_t*)chan); smartlist_free(connection_array);