diff options
| author | Nick Mathewson <nickm@torproject.org> | 2013-12-16 13:00:15 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-12-16 13:06:00 -0500 |
| commit | d8cfa2ef4e6d57f6dd4a33e5b3cfb1a2a12fc4be (patch) | |
| tree | 995f347a060a3d7abadbc2f69daeddb4c1e174bc /changes | |
| parent | 9e907076025ccd91abfad7fc70c09ba4c9228f82 (diff) | |
| download | tor-d8cfa2ef4e6d57f6dd4a33e5b3cfb1a2a12fc4be.tar.gz tor-d8cfa2ef4e6d57f6dd4a33e5b3cfb1a2a12fc4be.zip | |
Avoid free()ing from an mmap on corrupted microdesc cache
The 'body' field of a microdesc_t holds a strdup()'d value if the
microdesc's saved_location field is SAVED_IN_JOURNAL or
SAVED_NOWHERE, and holds a pointer to the middle of an mmap if the
microdesc is SAVED_IN_CACHE. But we weren't setting that field
until a while after we parsed the microdescriptor, which left an
interval where microdesc_free() would try to free() the middle of
the mmap().
This patch also includes a regression test.
This is a fix for #10409; bugfix on 0.2.2.6-alpha.
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bug10409 | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/changes/bug10409 b/changes/bug10409 new file mode 100644 index 0000000000..5ef5ae29de --- /dev/null +++ b/changes/bug10409 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Avoid a crash bug when starting with a corrupted microdescriptor + cache file. Fix for bug 10406; bugfix on 0.2.2.6-alpha. |