mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-23 20:03:31 +01:00
lookup_last_hid_serv_request() could overflow and leak memory
The problem was that we didn't allocate enough memory on 32-bit platforms with 64-bit time_t. The memory leak occured every time we fetched a hidden service descriptor we've fetched before.
This commit is contained in:
parent
f6ff14a82e
commit
dfee173289
@ -8,6 +8,13 @@ Changes in version 0.2.1.23 - 2010-0?-??
|
||||
automatically discard guards picked using the old algorithm. Fixes
|
||||
bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.
|
||||
|
||||
o Major bugfixes:
|
||||
- Fix a potential buffer overflow in lookup_last_hid_serv_request()
|
||||
that could happen on 32-bit platforms with 64-bit time_t. Also fix
|
||||
a memory leak when requesting a hidden service descriptor we've
|
||||
requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
|
||||
by aakova.
|
||||
|
||||
o Minor bugfixes:
|
||||
- When deciding whether to use strange flags to turn TLS renegotiation
|
||||
on, detect the OpenSSL version at run-time, not compile time. We
|
||||
|
@ -354,9 +354,12 @@ lookup_last_hid_serv_request(routerstatus_t *hs_dir,
|
||||
tor_snprintf(hsdir_desc_comb_id, sizeof(hsdir_desc_comb_id), "%s%s",
|
||||
hsdir_id_base32, desc_id_base32);
|
||||
if (set) {
|
||||
last_request_ptr = tor_malloc_zero(sizeof(time_t *));
|
||||
time_t *oldptr;
|
||||
last_request_ptr = tor_malloc_zero(sizeof(time_t));
|
||||
*last_request_ptr = now;
|
||||
strmap_set(last_hid_serv_requests, hsdir_desc_comb_id, last_request_ptr);
|
||||
oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
|
||||
last_request_ptr);
|
||||
tor_free(oldptr);
|
||||
} else
|
||||
last_request_ptr = strmap_get_lc(last_hid_serv_requests,
|
||||
hsdir_desc_comb_id);
|
||||
|
Loading…
Reference in New Issue
Block a user