summaryrefslogtreecommitdiff
path: root/src/or/onion.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2008-01-16 05:27:19 +0000
committerNick Mathewson <nickm@torproject.org>2008-01-16 05:27:19 +0000
commit4a3b7496f0c47b0d00c9744698eaa237e601b32a (patch)
treefdefeb3c864306cc52f3e9f5dadb8414f8a99187 /src/or/onion.c
parent24aae484c93b09c7fc735e53874f02a22e4b5b43 (diff)
downloadtor-4a3b7496f0c47b0d00c9744698eaa237e601b32a.tar.gz
tor-4a3b7496f0c47b0d00c9744698eaa237e601b32a.zip
r17639@catbus: nickm | 2008-01-15 19:09:21 -0500
Fix some hard to trigger but nonetheless real memory leaks spotted by an anonymous contributor. Needs review. Partial backport candidate. svn:r13147
Diffstat (limited to 'src/or/onion.c')
-rw-r--r--src/or/onion.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/or/onion.c b/src/or/onion.c
index aa42ab6c66..fb516da242 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -336,14 +336,13 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
len = crypto_dh_compute_secret(handshake_state, handshake_reply, DH_KEY_LEN,
key_material, 20+key_out_len);
if (len < 0)
- return -1;
+ goto err;
if (memcmp(key_material, handshake_reply+DH_KEY_LEN, 20)) {
/* H(K) does *not* match. Something fishy. */
- tor_free(key_material);
log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on onion handshake. "
"Bug or attack.");
- return -1;
+ goto err;
}
/* use the rest of the key material for our shared keys, digests, etc */
@@ -357,6 +356,9 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
tor_free(key_material);
return 0;
+ err:
+ tor_free(key_material);
+ return -1;
}
/** Implement the server side of the CREATE_FAST abbreviated handshake. The
@@ -429,6 +431,7 @@ fast_client_handshake(const char *handshake_state, /* DIGEST_LEN bytes */
/* H(K) does *not* match. Something fishy. */
log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on fast handshake. "
"Bug or attack.");
+ tor_free(out);
return -1;
}
memcpy(key_out, out+DIGEST_LEN, key_out_len);