diff options
| author | Suphanat Chunhapanya <haxx.pop@gmail.com> | 2019-01-15 12:12:31 +0700 |
|---|---|---|
| committer | Suphanat Chunhapanya <haxx.pop@gmail.com> | 2019-01-24 04:31:07 +0700 |
| commit | 8de735f0681970ff688cb5e775dae812ed27aa62 (patch) | |
| tree | 219ed579329e72a03a76477935b074c6bc253679 | |
| parent | 9d9e71824cc228123aebd28b7b08fb9fb30d36b1 (diff) | |
| download | tor-8de735f0681970ff688cb5e775dae812ed27aa62.tar.gz tor-8de735f0681970ff688cb5e775dae812ed27aa62.zip | |
hs-v3: fix use after free in client auth config
We accidentally use `auth` after freeing it in
client_service_authorization_free. The way to solve it is to
free after using it.
| -rw-r--r-- | src/feature/hs/hs_client.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index 5fded92fe3..e04f0cc0c3 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -1637,17 +1637,17 @@ hs_config_client_authorization(const or_options_t *options, * as a key of global map in the future. */ if (hs_parse_address(auth->onion_address, &identity_pk, NULL, NULL) < 0) { - client_service_authorization_free(auth); log_warn(LD_REND, "The onion address \"%s\" is invalid in " "file %s", filename, auth->onion_address); + client_service_authorization_free(auth); continue; } if (digest256map_get(auths, identity_pk.pubkey)) { - client_service_authorization_free(auth); log_warn(LD_REND, "Duplicate authorization for the same hidden " "service address %s.", safe_str_client(auth->onion_address)); + client_service_authorization_free(auth); goto end; } |