]> git.ipfire.org Git - thirdparty/tor.git/commit
projects / thirdparty / tor.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9e90707) | patch
Avoid free()ing from an mmap on corrupted microdesc cache
authorNick Mathewson <nickm@torproject.org>
Mon, 16 Dec 2013 18:00:15 +0000 (13:00 -0500)
committerNick Mathewson <nickm@torproject.org>
Mon, 16 Dec 2013 18:06:00 +0000 (13:06 -0500)
commitd8cfa2ef4e6d57f6dd4a33e5b3cfb1a2a12fc4be
tree995f347a060a3d7abadbc2f69daeddb4c1e174bctree | snapshot
parent9e907076025ccd91abfad7fc70c09ba4c9228f82commit | diff
Avoid free()ing from an mmap on corrupted microdesc cache

The 'body' field of a microdesc_t holds a strdup()'d value if the
microdesc's saved_location field is SAVED_IN_JOURNAL or
SAVED_NOWHERE, and holds a pointer to the middle of an mmap if the
microdesc is SAVED_IN_CACHE.  But we weren't setting that field
until a while after we parsed the microdescriptor, which left an
interval where microdesc_free() would try to free() the middle of
the mmap().

This patch also includes a regression test.

This is a fix for #10409; bugfix on 0.2.2.6-alpha.
changes/bug10409 [new file with mode: 0644] blob
src/or/dirvote.c diff | blob | blame | history
src/or/microdesc.c diff | blob | blame | history
src/or/routerparse.c diff | blob | blame | history
src/or/routerparse.h diff | blob | blame | history
src/test/test_microdesc.c diff | blob | blame | history
Mirror of https://git.torproject.org/tor.git