From 9bb3bcbc414f8845d025e6bf74ffdf6be96a5ebe Mon Sep 17 00:00:00 2001
From: David Goulet
Date: Thu, 8 Dec 2016 11:46:52 -0500
Subject: [PATCH] router: Fix memory leak in signed_descriptor_move()

The signed_descriptor_move() was not releasing memory inside the destination object before overwriting it with the source object. This commit adds a reset function that free that memory inside a signed descriptor object and zero it.

Closes #20715.

Signed-off-by: David Goulet
---
 changes/bug20715 | 4 ++++
 src/or/routerlist.c | 13 +++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 changes/bug20715

diff --git a/changes/bug20715 b/changes/bug20715
new file mode 100644
index 0000000000..737a560cec
--- /dev/null
+++ b/changes/bug20715
@@ -0,0 +1,4 @@
+ o Minor bugfixes (memory leak)
+ - When moving a signed descriptor object from a source to an existing
+ destination, free the allocated memory inside that destination object.
+ Bugfix on tor-0.2.8.3-alpha; Closes #20715.
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 56c0522cdc..b876795445 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -3235,6 +3235,17 @@ signed_descriptor_free(signed_descriptor_t *sd)
 tor_free(sd);
 }
 
+/** Reset the given signed descriptor sd by freeing the allocated
+ * memory inside the object and by zeroing its content. */
+static void
+signed_descriptor_reset(signed_descriptor_t *sd)
+{
+ tor_assert(sd);
+ tor_free(sd->signed_descriptor_body);
+ tor_cert_free(sd->signing_key_cert);
+ memset(sd, 0, sizeof(*sd));
+}
+
 /** Copy src into dest, and steal all references inside src so that when
 * we free src, we don't mess up dest. */
 static void
@@ -3242,6 +3253,8 @@ signed_descriptor_move(signed_descriptor_t *dest,
 signed_descriptor_t *src)
 {
 tor_assert(dest != src);
+ /* Cleanup destination object before overwriting it.*/
+ signed_descriptor_reset(dest);
 memcpy(dest, src, sizeof(signed_descriptor_t));
 src->signed_descriptor_body = NULL;
 src->signing_key_cert = NULL;
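Review bot: signed_descriptor_reset() hard-codes the two owned pointers it releases (`signed_descriptor_body` and `signing_key_cert`), and nothing visible ties that list to what signed_descriptor_free() releases; only the tail of that function is in the hunk, so I cannot confirm the two agree. If a later change adds another heap-owned member to signed_descriptor_t and only one of the two functions is updated, the leak fixed here returns on the move path. A short comment above the frees, such as `/* Keep the freed members in sync with signed_descriptor_free(). */`, would make that coupling explicit.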
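Review bot: The new `signed_descriptor_reset(dest);` call adds a precondition on dest that the doc comment above signed_descriptor_move() does not state. dest must now be a zeroed or fully initialised descriptor, because its `signed_descriptor_body` and `signing_key_cert` are handed to tor_free() and tor_cert_free(). dest must also not share either pointer with src, or the memcpy that follows copies pointers that were just freed. `tor_assert(dest != src)` only rules out the identical-object case, and the callers are outside this hunk, so both conditions need checking at each call site. I would extend the function comment with a line like `* dest must be initialised and must not share its body or cert with src; its old contents are freed.` The function's closing lines are also outside the hunk.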