From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 30 Nov 2017 16:44:15 +0000 (-0500)
Subject: Avoid use-after-free error in 20020 fix
X-Git-Tag: tor-0.3.3.1-alpha~176
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a1b0a0b9cd313535f954d8033ea6672ddd5ccc2a;p=thirdparty%2Ftor.git

Avoid use-after-free error in 20020 fix

CID 1424328; found by coverity; bugfix on 93dbce4ddd98ca9a4ff2f;
bug not in any released Tor.
---

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 24c0a4e073..ef1538279a 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -5197,6 +5197,10 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
           log_warn(LD_BUG, "Failed to re-parse a router.");
           continue;
         }
+        /* need to compute this now, since add_to_routerlist may free. */
+        char time_cert_expires[ISO_TIME_LEN+1];
+        format_iso_time(time_cert_expires, ri->cert_expiration_time);
+
         r = router_add_to_routerlist(ri, &msg, 1, 0);
         if (WRA_WAS_OUTDATED(r)) {
           log_warn(LD_DIR, "Couldn't add re-parsed router: %s. This isn't "
@@ -5205,12 +5209,10 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
                    msg?msg:"???");
           if (r == ROUTER_CERTS_EXPIRED) {
             char time_cons[ISO_TIME_LEN+1];
-            char time_cert[ISO_TIME_LEN+1];
             format_iso_time(time_cons, consensus->valid_after);
-            format_iso_time(time_cert, ri->cert_expiration_time);
             log_warn(LD_DIR, "  (I'm looking at a consensus from %s; This "
                      "router's certificates began expiring at %s.)",
-                     time_cons, time_cert);
+                     time_cons, time_cert_expires);
           }
         }
     } SMARTLIST_FOREACH_END(sd);