lookup_last_hid_serv_request() could overflow and leak memory

The problem was that we didn't allocate enough memory on 32-bit
platforms with 64-bit time_t. The memory leak occured every time
we fetched a hidden service descriptor we've fetched before.
This commit is contained in:
Sebastian Hahn 2010-02-07 06:30:55 +01:00
parent f6ff14a82e
commit dfee173289
2 changed files with 12 additions and 2 deletions

View File

@ -8,6 +8,13 @@ Changes in version 0.2.1.23 - 2010-0?-??
automatically discard guards picked using the old algorithm. Fixes
bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.
o Major bugfixes:
- Fix a potential buffer overflow in lookup_last_hid_serv_request()
that could happen on 32-bit platforms with 64-bit time_t. Also fix
a memory leak when requesting a hidden service descriptor we've
requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
by aakova.
o Minor bugfixes:
- When deciding whether to use strange flags to turn TLS renegotiation
on, detect the OpenSSL version at run-time, not compile time. We

View File

@ -354,9 +354,12 @@ lookup_last_hid_serv_request(routerstatus_t *hs_dir,
tor_snprintf(hsdir_desc_comb_id, sizeof(hsdir_desc_comb_id), "%s%s",
hsdir_id_base32, desc_id_base32);
if (set) {
last_request_ptr = tor_malloc_zero(sizeof(time_t *));
time_t *oldptr;
last_request_ptr = tor_malloc_zero(sizeof(time_t));
*last_request_ptr = now;
strmap_set(last_hid_serv_requests, hsdir_desc_comb_id, last_request_ptr);
oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
last_request_ptr);
tor_free(oldptr);
} else
last_request_ptr = strmap_get_lc(last_hid_serv_requests,
hsdir_desc_comb_id);