From: Sebastian Hahn <sebastian@torproject.org>
Date: Mon, 9 Feb 2015 03:48:16 +0000 (+0100)
Subject: Reserve enough space for rend_service_port_config_t
X-Git-Tag: tor-0.2.6.3-alpha~67
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=37d16c3cc78151daf2cbebd643ea4d64b504989e;p=thirdparty%2Ftor.git

Reserve enough space for rend_service_port_config_t

In #14803, Damian noticed that his Tor sometimes segfaults. Roger noted
that his valgrind gave an invalid write of size one here. Whenever we
use FLEXIBLE_ARRAY_MEMBER, we have to make sure to actually malloc a
thing that's large enough.

Fixes bug #14803, not in any released version of Tor.
---

diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 6ae569cd8f..6c934c8c12 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -314,7 +314,7 @@ static rend_service_port_config_t *
 rend_service_port_config_new(const char *socket_path)
 {
   if (!socket_path)
-    return tor_malloc_zero(sizeof(rend_service_port_config_t));
+    return tor_malloc_zero(sizeof(rend_service_port_config_t) + 1);
 
   const size_t pathlen = strlen(socket_path) + 1;
   rend_service_port_config_t *conf =