author | Nick Mathewson <nickm@torproject.org> | 2011-10-28 18:05:25 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2011-10-28 18:05:25 -0400 |
commit | 4dd8d811d669e245f95ed0fcc59de579e876ab91 (patch) | |
tree | 312d1d26b28462b568269f2506fa26008524b610 | |
parent | 00a0de8508f4cb5ab28b91884c3ca1733e2a174f (diff) | |
parent | 2018f86e0c7f088de54ff8f7f4d1e04075785206 (diff) | |
Merge branch 'bug4343'
-rw-r--r-- | changes/bug4343 | 5 | ||||
-rw-r--r-- | src/common/tortls.c | 2 | ||||
-rw-r--r-- | src/or/command.c | 6 |
3 files changed, 9 insertions, 4 deletions
diff --git a/changes/bug4343 b/changes/bug4343 new file mode 100644 index 0000000000..cee272b976 --- /dev/null +++ b/changes/bug4343 @@ -0,0 +1,5 @@ + o Major bugfixes: + - Fix a double-free bug that would occur when we received an invalid + certificate in a CERT cell in the new v3 handshake. Fixes bug 4343; + bugfix on 0.2.3.6-alpha. + diff --git a/src/common/tortls.c b/src/common/tortls.c index 7aaa4e0894..8cf396cdac 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -694,7 +694,7 @@ tor_cert_free(tor_cert_t *cert) if (cert->cert) X509_free(cert->cert); tor_free(cert->encoded); - memset(cert, 0x03, sizeof(cert)); + memset(cert, 0x03, sizeof(*cert)); tor_free(cert); } diff --git a/src/or/command.c b/src/or/command.c index 43d304e07b..c02d353bb1 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -1026,8 +1026,6 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) ERR("The certs we wanted were missing"); /* Remember these certificates so we can check an AUTHENTICATE cell */ - conn->handshake_state->id_cert = id_cert; - conn->handshake_state->auth_cert = auth_cert; if (! tor_tls_cert_is_valid(auth_cert, id_cert, 1)) ERR("The authentication certificate was not valid"); if (! tor_tls_cert_is_valid(id_cert, id_cert, 1)) @@ -1038,6 +1036,8 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) safe_str(conn->_base.address), conn->_base.port); /* XXXX check more stuff? */ + conn->handshake_state->id_cert = id_cert; + conn->handshake_state->auth_cert = auth_cert; id_cert = auth_cert = NULL; } @@ -1141,7 +1141,7 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn) #define ERR(s) \ do { \ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \ - "Received a bad AUTHETNICATE cell from %s:%d: %s", \ + "Received a bad AUTHENTICATE cell from %s:%d: %s", \ safe_str(conn->_base.address), conn->_base.port, (s)); \ connection_mark_for_close(TO_CONN(conn)); \ return; \ |
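Review bot: In the `@@ -694,7 +694,7 @@` hunk of src/common/tortls.c, the poison `memset(cert, 0x03, sizeof(*cert));` is followed directly by `tor_free(cert);`, so an optimizing compiler may treat it as a dead store and drop it (assuming tor_free releases the block). That would silently remove the use-after-free tripwire this line appears to provide, now that it finally covers the whole struct. If the poison is meant to survive optimized builds it needs a wipe the compiler cannot elide; at minimum add a comment above it such as `/* Poison the freed cert so stale pointers are easy to spot; may be optimized out. */`, which would also explain the otherwise unexplained 0x03 fill. tor_cert_free() begins outside the hunk.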
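Review bot: In the `@@ -1026,8 +1026,6 @@` hunk of src/or/command.c the comment `/* Remember these certificates so we can check an AUTHENTICATE cell */` is left behind above the `tor_tls_cert_is_valid()` checks, while the two assignments it described now sit under `/* XXXX check more stuff? */` in the `@@ -1038,6 +1036,8 @@` hunk. The comment should move with them and record the ownership rule the fix depends on, for example `/* Both certs validated: hand them to handshake_state and NULL the locals so cleanup does not free them. */`. It is also worth stating there that handshake_state must never hold a certificate that has not passed both validity checks, since the AUTHENTICATE handling appears to rely on these fields (inferred from the existing comment). The cleanup path that ERR() reaches is outside both hunks, so the frees it performs are assumed from the changelog's double-free description.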