From ce5d055ed7e4d8e5d1c0b0b922738c87b6a8da1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= Date: Sat, 23 Jun 2018 03:40:32 +0200 Subject: [PATCH 1/3] Fix memory leak in pick_hsdir_v3(). This patch fixes a memory leak in pick_hsdir_v3() where we might return early, but forgot to free the responsible_hsdirs variable. We solve this by not allocating storage for responsible_hsdirs until it's actually needed. See: Coverity CID 1437449 --- src/or/hs_client.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/or/hs_client.c b/src/or/hs_client.c index 551cf50554..4e2824c13d 100644 --- a/src/or/hs_client.c +++ b/src/or/hs_client.c @@ -365,14 +365,12 @@ pick_hsdir_v3(const ed25519_public_key_t *onion_identity_pk) int retval; char base64_blinded_pubkey[ED25519_BASE64_LEN + 1]; uint64_t current_time_period = hs_get_time_period_num(0); - smartlist_t *responsible_hsdirs; + smartlist_t *responsible_hsdirs = NULL; ed25519_public_key_t blinded_pubkey; routerstatus_t *hsdir_rs = NULL; tor_assert(onion_identity_pk); - responsible_hsdirs = smartlist_new(); - /* Get blinded pubkey of hidden service */ hs_build_blinded_pubkey(onion_identity_pk, NULL, 0, current_time_period, &blinded_pubkey); @@ -383,6 +381,8 @@ pick_hsdir_v3(const ed25519_public_key_t *onion_identity_pk) } /* Get responsible hsdirs of service for this time period */ + responsible_hsdirs = smartlist_new(); + hs_get_responsible_hsdirs(&blinded_pubkey, current_time_period, 0, 1, responsible_hsdirs); From 8e805bf0f65ffd137a6c9ed89be060e5d9ba317d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= Date: Sat, 23 Jun 2018 10:48:42 +0200 Subject: [PATCH 2/3] Fix memory leak in new_establish_intro_cell(). This patch fixes a memory leak in new_establish_intro_cell() that could happen if a test assertion fails and the *cell_out value isn't properly free'd. See: Coverity CID 1437445 --- src/test/test_hs_intropoint.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c index 0cae2de7e1..b2d2700f8b 100644 --- a/src/test/test_hs_intropoint.c +++ b/src/test/test_hs_intropoint.c @@ -43,6 +43,10 @@ new_establish_intro_cell(const char *circ_nonce, trn_cell_establish_intro_t *cell = NULL; hs_service_intro_point_t *ip = NULL; + /* Ensure that *cell_out is NULL such that we can use to check if we need to + * free `cell` in case of an error. */ + *cell_out = NULL; + /* Auth key pair is generated in the constructor so we are all set for * using this IP object. */ ip = service_intro_point_new(NULL, 0); @@ -56,6 +60,9 @@ new_establish_intro_cell(const char *circ_nonce, *cell_out = cell; done: + if (*cell_out == NULL) + trn_cell_establish_intro_free(cell); + service_intro_point_free(ip); return cell_len; } From a2e623f631a63f041f76b79e554b01bbf62748b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= Date: Sat, 23 Jun 2018 13:05:41 +0200 Subject: [PATCH 3/3] Fix memory leak in helper_add_hsdir_to_networkstatus(). This patch fixes a memory leak in helper_add_hsdir_to_networkstatus() where the rs object might not get properly freed. See: Coverity CID 1437427. --- src/test/test_hs_common.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c index 21daa58abd..3ae623ed0a 100644 --- a/src/test/test_hs_common.c +++ b/src/test/test_hs_common.c @@ -284,6 +284,7 @@ helper_add_hsdir_to_networkstatus(networkstatus_t *ns, routerinfo_t *ri = tor_malloc_zero(sizeof(routerinfo_t)); uint8_t identity[DIGEST_LEN]; tor_addr_t ipv4_addr; + node_t *node = NULL; memset(identity, identity_idx, sizeof(identity)); @@ -302,7 +303,8 @@ helper_add_hsdir_to_networkstatus(networkstatus_t *ns, memset(&ri->cache_info.signing_key_cert->signing_key, identity_idx, ED25519_PUBKEY_LEN); tt_assert(nodelist_set_routerinfo(ri, NULL)); - node_t *node = node_get_mutable_by_id(ri->cache_info.identity_digest); + + node = node_get_mutable_by_id(ri->cache_info.identity_digest); tt_assert(node); node->rs = rs; /* We need this to exist for node_has_descriptor() to return true. */ @@ -314,6 +316,9 @@ helper_add_hsdir_to_networkstatus(networkstatus_t *ns, smartlist_add(ns->routerstatus_list, rs); done: + if (node == NULL) + routerstatus_free(rs); + routerinfo_free(ri); }