diff options
| author | Sebastian Hahn <sebastian@torproject.org> | 2009-09-13 21:47:55 +0200 |
|---|---|---|
| committer | Sebastian Hahn <sebastian@torproject.org> | 2009-09-14 22:25:08 +0200 |
| commit | b792afa91901abaa04417051d1369fa8e643d90d (patch) | |
| tree | 0ec5d3f0bab2d8b7074178e9906811fc75399895 | |
| parent | fcacf224913b3a0a08cef06a7241348f49b26e49 (diff) | |
| download | tor-b792afa91901abaa04417051d1369fa8e643d90d.tar.gz tor-b792afa91901abaa04417051d1369fa8e643d90d.zip | |
Fix a memory leak when parsing a ns
Adding the same vote to a networkstatus consensus leads to a memory leak
on the client side. Fix that by only using the first vote from any given
voter, and ignoring the others.
Problem found by Rotor, who also helped writing the patch. Thanks!
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | src/or/routerparse.c | 8 |
2 files changed, 11 insertions, 0 deletions
@@ -6,6 +6,9 @@ Changes in version 0.2.1.20 - 2009-??-?? patch. Bugfix on the 54th commit on Tor -- from July 2002, before the release of Tor 0.0.0. This is the new winner of the oldest-bug prize. + - Fix a remotely triggerable memory leak when a consensus document + contains more than one signature from the same voter. Bugfix on + 0.2.0.3-alpha. o New directory authorities: - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 97dd20f4e3..189458ee1e 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -2509,6 +2509,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, } else { if (tok->object_size >= INT_MAX) goto err; + /* We already parsed a vote from this voter. Use the first one. */ + if (v->signature) { + log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus " + "that contains two votes from the same voter. Ignoring " + "the second vote."); + continue; + } + v->signature = tor_memdup(tok->object_body, tok->object_size); v->signature_len = (int) tok->object_size; } |