mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 06:13:31 +01:00
Merge branch 'maint-0.4.6'
This commit is contained in:
commit
973fcf056a
3
changes/ticket40356
Normal file
3
changes/ticket40356
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
o Minor bugfix (onion service, client, memory leak):
|
||||||
|
- An expired cached descriptor could have been overwritten with a new one
|
||||||
|
leading to a memory leak. Fixes bug 40356; bugfix on 0.3.5.1-alpha.
|
@ -353,6 +353,31 @@ static digest256map_t *hs_cache_v3_client;
|
|||||||
* objects all related to a specific service. */
|
* objects all related to a specific service. */
|
||||||
static digest256map_t *hs_cache_client_intro_state;
|
static digest256map_t *hs_cache_client_intro_state;
|
||||||
|
|
||||||
|
#define cache_client_desc_free(val) \
|
||||||
|
FREE_AND_NULL(hs_cache_client_descriptor_t, cache_client_desc_free_, (val))
|
||||||
|
|
||||||
|
/** Free memory allocated by <b>desc</b>. */
|
||||||
|
static void
|
||||||
|
cache_client_desc_free_(hs_cache_client_descriptor_t *desc)
|
||||||
|
{
|
||||||
|
if (desc == NULL) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
hs_descriptor_free(desc->desc);
|
||||||
|
memwipe(&desc->key, 0, sizeof(desc->key));
|
||||||
|
memwipe(desc->encoded_desc, 0, strlen(desc->encoded_desc));
|
||||||
|
tor_free(desc->encoded_desc);
|
||||||
|
tor_free(desc);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Helper function: Use by the free all function to clear the client cache */
|
||||||
|
static void
|
||||||
|
cache_client_desc_free_void(void *ptr)
|
||||||
|
{
|
||||||
|
hs_cache_client_descriptor_t *desc = ptr;
|
||||||
|
cache_client_desc_free(desc);
|
||||||
|
}
|
||||||
|
|
||||||
/** Return the size of a client cache entry in bytes. */
|
/** Return the size of a client cache entry in bytes. */
|
||||||
static size_t
|
static size_t
|
||||||
cache_get_client_entry_size(const hs_cache_client_descriptor_t *entry)
|
cache_get_client_entry_size(const hs_cache_client_descriptor_t *entry)
|
||||||
@ -390,7 +415,18 @@ remove_v3_desc_as_client(const hs_cache_client_descriptor_t *desc)
|
|||||||
static void
|
static void
|
||||||
store_v3_desc_as_client(hs_cache_client_descriptor_t *desc)
|
store_v3_desc_as_client(hs_cache_client_descriptor_t *desc)
|
||||||
{
|
{
|
||||||
|
hs_cache_client_descriptor_t *cached_desc;
|
||||||
|
|
||||||
tor_assert(desc);
|
tor_assert(desc);
|
||||||
|
|
||||||
|
/* Because the lookup function doesn't return an expired entry, it can linger
|
||||||
|
* in the cache until we clean it up or a new descriptor is stored. So,
|
||||||
|
* before adding, we'll make sure we are not overwriting an old descriptor
|
||||||
|
* (which is OK in terms of semantic) but leads to memory leak. */
|
||||||
|
cached_desc = digest256map_get(hs_cache_v3_client, desc->key.pubkey);
|
||||||
|
if (cached_desc) {
|
||||||
|
cache_client_desc_free(cached_desc);
|
||||||
|
}
|
||||||
digest256map_set(hs_cache_v3_client, desc->key.pubkey, desc);
|
digest256map_set(hs_cache_v3_client, desc->key.pubkey, desc);
|
||||||
/* Update cache size with this entry for the OOM handler. */
|
/* Update cache size with this entry for the OOM handler. */
|
||||||
hs_cache_increment_allocation(cache_get_client_entry_size(desc));
|
hs_cache_increment_allocation(cache_get_client_entry_size(desc));
|
||||||
@ -473,31 +509,6 @@ cache_client_desc_new(const char *desc_str,
|
|||||||
return client_desc;
|
return client_desc;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define cache_client_desc_free(val) \
|
|
||||||
FREE_AND_NULL(hs_cache_client_descriptor_t, cache_client_desc_free_, (val))
|
|
||||||
|
|
||||||
/** Free memory allocated by <b>desc</b>. */
|
|
||||||
static void
|
|
||||||
cache_client_desc_free_(hs_cache_client_descriptor_t *desc)
|
|
||||||
{
|
|
||||||
if (desc == NULL) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
hs_descriptor_free(desc->desc);
|
|
||||||
memwipe(&desc->key, 0, sizeof(desc->key));
|
|
||||||
memwipe(desc->encoded_desc, 0, strlen(desc->encoded_desc));
|
|
||||||
tor_free(desc->encoded_desc);
|
|
||||||
tor_free(desc);
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Helper function: Use by the free all function to clear the client cache */
|
|
||||||
static void
|
|
||||||
cache_client_desc_free_void(void *ptr)
|
|
||||||
{
|
|
||||||
hs_cache_client_descriptor_t *desc = ptr;
|
|
||||||
cache_client_desc_free(desc);
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Return a newly allocated and initialized hs_cache_intro_state_t object. */
|
/** Return a newly allocated and initialized hs_cache_intro_state_t object. */
|
||||||
static hs_cache_intro_state_t *
|
static hs_cache_intro_state_t *
|
||||||
cache_intro_state_new(void)
|
cache_intro_state_new(void)
|
||||||
|
Loading…
Reference in New Issue
Block a user