From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 21 Nov 2018 12:38:38 +0000 (-0500)
Subject: Fix a fun heisenbug in memoize_protover_flags()
X-Git-Tag: tor-0.4.0.1-alpha~122
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=469f47ef8dc8b18104108f0437c860ec88fca6ad;p=thirdparty%2Ftor.git

Fix a fun heisenbug in memoize_protover_flags()

After we clear the protover map for getting full, we need to
re-create it, since we are about to use it.

This is a bugfix for bug 28558. It is a bugfix for the code from
ticket 27225, which is not in any released Tor.  Found by Google
OSS-Fuzz, as issue 11475.
---

diff --git a/src/core/or/versions.c b/src/core/or/versions.c
index 6f8eea7a67..5d4effcaf8 100644
--- a/src/core/or/versions.c
+++ b/src/core/or/versions.c
@@ -399,6 +399,7 @@ memoize_protover_summary(protover_summary_flags_t *out,
 
   if (strmap_size(protover_summary_map) >= MAX_PROTOVER_SUMMARY_MAP_LEN) {
     protover_summary_cache_free_all();
+    protover_summary_map = strmap_new();
   }
 
   const protover_summary_flags_t *cached =