From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 18 Sep 2014 15:13:57 +0000 (-0400)
Subject: Fix a double-free in failing case of handle_control_authenticate.
X-Git-Tag: tor-0.2.6.1-alpha~84
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=801f4d438460cd6eb0190fc18161ad499a95bc9b;p=thirdparty%2Ftor.git

Fix a double-free in failing case of handle_control_authenticate.

Bugfix on ed8f020e205267e6270494634346ab68d830e1d8; bug not in any
released version of Tor.  Found by Coverity; this is CID 1239290.

[Yes, I used this commit message before, in 58e813d0fcfcecfc2017.
Turns out, that fix wasn't right, since I didn't look up a
screen. :P ]
---

diff --git a/src/or/control.c b/src/or/control.c
index b1709e0d23..92dd2309ed 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -1173,6 +1173,7 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
       bad_password = 1;
       SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
       smartlist_free(sl);
+      sl = NULL;
     } else {
       SMARTLIST_FOREACH(sl, char *, expected,
       {