Reserve enough space for rend_service_port_config_t

In #14803, Damian noticed that his Tor sometimes segfaults. Roger noted
that his valgrind gave an invalid write of size one here. Whenever we
use FLEXIBLE_ARRAY_MEMBER, we have to make sure to actually malloc a
thing that's large enough.

Fixes bug #14803, not in any released version of Tor.

diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 6ae569cd8f690ca9b30895cb7830a6d927916030..6c934c8c12b4543b8eeec091dfa34ac49fad0f17 100644 (file)
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -314,7 +314,7 @@ static rend_service_port_config_t *
 rend_service_port_config_new(const char *socket_path)
 {
   if (!socket_path)
-    return tor_malloc_zero(sizeof(rend_service_port_config_t));
+    return tor_malloc_zero(sizeof(rend_service_port_config_t) + 1);
 
   const size_t pathlen = strlen(socket_path) + 1;
   rend_service_port_config_t *conf =