diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-04-26 08:43:38 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-04-27 21:40:12 -0400 |
| commit | 16d6ab6640b4404d47096cbf1d25e1b57b0b26bb (patch) | |
| tree | aa701502d334f7beace3504c2ac1316b97248b8a | |
| parent | 7b8d48a6cb1109a5cd16e4db7b088a968b0186e3 (diff) | |
| download | tor-16d6ab6640b4404d47096cbf1d25e1b57b0b26bb.tar.gz tor-16d6ab6640b4404d47096cbf1d25e1b57b0b26bb.zip | |
Fix use-after-free bug in storage_dir sandbox code.
| -rw-r--r-- | src/common/storagedir.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/common/storagedir.c b/src/common/storagedir.c index 7e0be6754b..9d3c32e237 100644 --- a/src/common/storagedir.c +++ b/src/common/storagedir.c @@ -89,11 +89,12 @@ storage_dir_register_with_sandbox(storage_dir_t *d, sandbox_cfg_t **cfg) tor_asprintf(&path, "%s/%d", d->directory, idx); tor_asprintf(&tmppath, "%s/%d.tmp", d->directory, idx); - problems += sandbox_cfg_allow_open_filename(cfg, path); - problems += sandbox_cfg_allow_open_filename(cfg, tmppath); - problems += sandbox_cfg_allow_stat_filename(cfg, path); - problems += sandbox_cfg_allow_stat_filename(cfg, tmppath); - problems += sandbox_cfg_allow_rename(cfg, tmppath, path); + problems += sandbox_cfg_allow_open_filename(cfg, tor_strdup(path)); + problems += sandbox_cfg_allow_open_filename(cfg, tor_strdup(tmppath)); + problems += sandbox_cfg_allow_stat_filename(cfg, tor_strdup(path)); + problems += sandbox_cfg_allow_stat_filename(cfg, tor_strdup(tmppath)); + problems += sandbox_cfg_allow_rename(cfg, + tor_strdup(tmppath), tor_strdup(path)); tor_free(path); tor_free(tmppath); |