Merge branch 'maint-0.3.0'

2 files changed, 10 insertions, 1 deletions

diff --git a/changes/bug22370 b/changes/bug22370
new file mode 100644
index 0000000000..e0e87e3339
--- /dev/null
+++ b/changes/bug22370
@@ -0,0 +1,4 @@
+  o Minor bugfixes (memory handling):
+    - When directory authorities reject a router descriptor due to keypinning,
+      free the router descriptor rather than leaking the memory.
+      Fixes bug 22370; bugfix on 0.2.7.2-alpha.
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 1441d64506..408f58b22b 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -643,7 +643,11 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
  * passed back to the origin of this descriptor, or NULL if there is no such
  * message. Use <b>source</b> to produce better log messages.
  *
- * Return the status of the operation
+ * If <b>ri</b> is not added to the list of server descriptors, free it.
+ * That means the caller must not access <b>ri</b> after this function
+ * returns, since it might have been freed.
+ *
+ * Return the status of the operation.
  *
  * This function is only called when fresh descriptors are posted, not when
  * we re-load the cache.
@@ -716,6 +720,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
              "its key did not match an older RSA/Ed25519 keypair",
              router_describe(ri), source);
     *msg = "Looks like your keypair does not match its older value.";
+    routerinfo_free(ri);
     return ROUTER_AUTHDIR_REJECTS;
   }