diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-04-29 13:02:18 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-04-29 13:02:18 -0400 |
| commit | 1d3ffc0ec96777203b2eafee5905464d54ef9f91 (patch) | |
| tree | c259fdf6e3bc8391896d7bab599c8872ddfd75e1 | |
| parent | 9e44df2c98208fc6d0c3e9f9b3834f54e8a37cd8 (diff) | |
| parent | 65575b0755f64d21d59532bf58e6c27e14086bbb (diff) | |
| download | tor-1d3ffc0ec96777203b2eafee5905464d54ef9f91.tar.gz tor-1d3ffc0ec96777203b2eafee5905464d54ef9f91.zip | |
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
| -rw-r--r-- | changes/md_leak_bug | 5 | ||||
| -rw-r--r-- | src/or/routerparse.c | 2 |
2 files changed, 7 insertions, 0 deletions
diff --git a/changes/md_leak_bug b/changes/md_leak_bug new file mode 100644 index 0000000000..26270aacc3 --- /dev/null +++ b/changes/md_leak_bug @@ -0,0 +1,5 @@ + o Major bugfixes (security, OOM) + - Fix a memory leak that could occur if a microdescriptor parse + fails during the tokenizing step. This could enable a memory + exhaustion attack by directory servers. Fixes bug #11649; bugfix + on 0.2.2.6-alpha. diff --git a/src/or/routerparse.c b/src/or/routerparse.c index a9c711be05..01f65f262b 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -4374,11 +4374,13 @@ microdescs_parse_from_string(const char *s, const char *eos, microdesc_free(md); md = NULL; + SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); memarea_clear(area); smartlist_clear(tokens); s = start_of_next_microdesc; } + SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); memarea_drop_all(area); smartlist_free(tokens); |