Merge branch 'bug4343'

Nick Mathewson 2011-10-28 18:05:25 -04:00
commit 4dd8d811d6
3 changed files with 9 additions and 4 deletions

5
changes/bug4343 Normal file

@ -0,0 +1,5 @@
o Major bugfixes:
- Fix a double-free bug that would occur when we received an invalid
certificate in a CERT cell in the new v3 handshake. Fixes bug 4343;
bugfix on 0.2.3.6-alpha.


@ -694,7 +694,7 @@ tor_cert_free(tor_cert_t *cert)
if (cert->cert)
X509_free(cert->cert);
tor_free(cert->encoded);
memset(cert, 0x03, sizeof(cert));
memset(cert, 0x03, sizeof(*cert));
tor_free(cert);
}
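Review bot: The poison store `memset(cert, 0x03, sizeof(*cert));` is followed directly by `tor_free(cert)`, which presumably releases the struct, and a compiler may drop a store to memory that is about to be freed as dead, so optimized builds may not poison it at all. That poison is what would make a second free or a late use of the certificate fail loudly, so it deserves a comment stating the intent, e.g. `/* Poison before free so a stale tor_cert_t pointer is caught early. */`. If the tree has a wipe helper the optimizer cannot elide, it should be used here. The start of tor_cert_free is outside the hunk, so whether cert is NULL-checked before `cert->cert` is read cannot be confirmed from this view.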


@ -1026,8 +1026,6 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
ERR("The certs we wanted were missing");
/* Remember these certificates so we can check an AUTHENTICATE cell */
conn->handshake_state->id_cert = id_cert;
conn->handshake_state->auth_cert = auth_cert;
if (! tor_tls_cert_is_valid(auth_cert, id_cert, 1))
ERR("The authentication certificate was not valid");
if (! tor_tls_cert_is_valid(id_cert, id_cert, 1))
@ -1038,6 +1036,8 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
safe_str(conn->_base.address), conn->_base.port);
/* XXXX check more stuff? */
conn->handshake_state->id_cert = id_cert;
conn->handshake_state->auth_cert = auth_cert;
id_cert = auth_cert = NULL;
}
@ -1141,7 +1141,7 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
#define ERR(s) \
do { \
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
"Received a bad AUTHETNICATE cell from %s:%d: %s", \
"Received a bad AUTHENTICATE cell from %s:%d: %s", \
safe_str(conn->_base.address), conn->_base.port, (s)); \
connection_mark_for_close(TO_CONN(conn)); \
return; \
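Review bot: In command_process_cert_cell the hand-off at the end of the branch (`conn->handshake_state->id_cert = id_cert;` through `id_cert = auth_cert = NULL;`) has no comment saying that ownership moves to handshake_state and that the locals are cleared so the cleanup code, which is outside the hunk, does not free them again. The comment `/* Remember these certificates so we can check an AUTHENTICATE cell */` appears to stay in the first hunk above the validity checks (the hunk counts remove only two lines), where it no longer describes the statement that follows. I would move it down to the assignments and extend it, e.g. `/* Remember these certificates so we can check an AUTHENTICATE cell; handshake_state owns them from here, so clear the locals. */`. The assignments also overwrite whatever certificates handshake_state already held; whether an earlier check rules out a second CERT cell is not visible here.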