diff options
author | David Goulet <dgoulet@torproject.org> | 2016-12-08 11:46:52 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-12-09 08:30:46 -0500 |
commit | 9bb3bcbc414f8845d025e6bf74ffdf6be96a5ebe (patch) | |
tree | ba743b0f367ce33959dee79a3ea05df74ea9402c /src | |
parent | f9636ebc2f70544f8b86eb7e3a86a85c81349f8e (diff) | |
download | tor-9bb3bcbc414f8845d025e6bf74ffdf6be96a5ebe.tar.gz tor-9bb3bcbc414f8845d025e6bf74ffdf6be96a5ebe.zip |
router: Fix memory leak in signed_descriptor_move()
The signed_descriptor_move() was not releasing memory inside the destination
object before overwriting it with the source object. This commit adds a reset
function that free that memory inside a signed descriptor object and zero it.
Closes #20715.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/or/routerlist.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 56c0522cdc..b876795445 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -3235,6 +3235,17 @@ signed_descriptor_free(signed_descriptor_t *sd) tor_free(sd); } +/** Reset the given signed descriptor <b>sd</b> by freeing the allocated + * memory inside the object and by zeroing its content. */ +static void +signed_descriptor_reset(signed_descriptor_t *sd) +{ + tor_assert(sd); + tor_free(sd->signed_descriptor_body); + tor_cert_free(sd->signing_key_cert); + memset(sd, 0, sizeof(*sd)); +} + /** Copy src into dest, and steal all references inside src so that when * we free src, we don't mess up dest. */ static void @@ -3242,6 +3253,8 @@ signed_descriptor_move(signed_descriptor_t *dest, signed_descriptor_t *src) { tor_assert(dest != src); + /* Cleanup destination object before overwriting it.*/ + signed_descriptor_reset(dest); memcpy(dest, src, sizeof(signed_descriptor_t)); src->signed_descriptor_body = NULL; src->signing_key_cert = NULL; |