diff options
| -rw-r--r-- | changes/bug4251 | 8 | ||||
| -rw-r--r-- | src/or/rendservice.c | 13 |
2 files changed, 21 insertions, 0 deletions
diff --git a/changes/bug4251 b/changes/bug4251 new file mode 100644 index 0000000000..303c9e6364 --- /dev/null +++ b/changes/bug4251 @@ -0,0 +1,8 @@ + o Minor bugfixes: + + - When a hidden service turns an extra service-side introduction + circuit into a general-purpose circuit, free the rend_data and + intro_key fields first, so they won't be leaked if the circuit + is cannibalized for use as another service-side introduction + circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251. + diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 32b4dbb93e..d582d71f6c 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1424,7 +1424,20 @@ rend_service_intro_has_opened(origin_circuit_t *circuit) log_info(LD_CIRC|LD_REND, "We have just finished an introduction " "circuit, but we already have enough. Redefining purpose to " "general; leaving as internal."); + TO_CIRCUIT(circuit)->purpose = CIRCUIT_PURPOSE_C_GENERAL; + + { + rend_data_t *rend_data = circuit->rend_data; + circuit->rend_data = NULL; + rend_data_free(rend_data); + } + { + crypto_pk_env_t *intro_key = circuit->intro_key; + circuit->intro_key = NULL; + crypto_free_pk_env(intro_key); + } + circuit_has_opened(circuit); return; } |