From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 1 Aug 2012 21:25:34 +0000 (-0400)
Subject: Defensive programming: clear rs_out between iterations.
X-Git-Tag: tor-0.2.3.21-rc~6^2~15^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2d6d5db2fe4f8a4538c5bed903f7e1576e9eea40;p=thirdparty%2Ftor.git

Defensive programming: clear rs_out between iterations.

I can't currently find a bug here, but there are a couple of
near-misses.  Addresses ticket 6514; reported pseudonymously on
IRC.
---

diff --git a/changes/bug6514 b/changes/bug6514
new file mode 100644
index 0000000000..84633bd279
--- /dev/null
+++ b/changes/bug6514
@@ -0,0 +1,5 @@
+  o Minor bugfixes:
+    - Add a (probably redundant) memory clear between iterations of
+      the router status voting loop, to prevent future coding errors
+      where data might leak between iterations of the loop. Resolves
+      ticket 6514.
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 79958739a5..bc7797355c 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -1752,6 +1752,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
       rs = compute_routerstatus_consensus(matching_descs, consensus_method,
                                           microdesc_digest);
       /* Copy bits of that into rs_out. */
+      memset(&rs_out, 0, sizeof(rs_out));
       tor_assert(fast_memeq(lowest_id, rs->status.identity_digest,DIGEST_LEN));
       memcpy(rs_out.identity_digest, lowest_id, DIGEST_LEN);
       memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest,