-rw-r--r--changes/bug271654
-rw-r--r--changes/bug276494
-rw-r--r--changes/bug276586
-rw-r--r--changes/ticket275477
-rw-r--r--doc/tor.1.txt30
-rw-r--r--src/core/mainloop/connection.c12
-rw-r--r--src/core/or/channelpadding.c2
-rw-r--r--src/ext/tinytest.c12
-rw-r--r--src/feature/hs/hs_service.c5
-rw-r--r--src/feature/stats/rephist.c30
-rw-r--r--src/lib/time/tvdiff.c22
-rw-r--r--src/lib/time/tvdiff.h2
-rw-r--r--src/rust/protover/protoset.rs17
-rw-r--r--src/rust/protover/protover.rs4
-rw-r--r--src/rust/protover/tests/protover.rs14
-rw-r--r--src/test/test_protover.c22
-rw-r--r--src/test/test_tortls_openssl.c45
17 files changed, 188 insertions, 50 deletions
diff --git a/changes/bug27165 b/changes/bug27165
new file mode 100644
index 0000000000..9e78d17e9d
--- /dev/null
+++ b/changes/bug27165
@@ -0,0 +1,4 @@
+ o Minor bugfixes (C correctness):
+ - Use time_t for all values in predicted_ports_prediction_time_remaining().
+ Rework the code that computes difference between durations/timestamps.
+ Fixes bug 27165; bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug27649 b/changes/bug27649
new file mode 100644
index 0000000000..55bfc3a842
--- /dev/null
+++ b/changes/bug27649
@@ -0,0 +1,4 @@
+ o Minor bugfixes (rust):
+ - The protover rewrite in 24031 allowed repeated votes from the same
+ voter for the same protocol version to be counted multiple times in
+ protover_compute_vote(). Fixes bug 27649; bugfix on 0.3.3.5-rc.
diff --git a/changes/bug27658 b/changes/bug27658
new file mode 100644
index 0000000000..8cc0aa4714
--- /dev/null
+++ b/changes/bug27658
@@ -0,0 +1,6 @@
+ o Minor bugfixes (testing):
+ - If a unit test running in a subprocess exits abnormally or with a
+ nonzero status code, treat the test as having failed, even if
+ the test reported success. Without this fix, memory leaks don't cause
+ cause the tests to fail, even with LeakSanitizer. Fixes bug 27658;
+ bugfix on 0.2.2.4-alpha.
diff --git a/changes/ticket27547 b/changes/ticket27547
new file mode 100644
index 0000000000..f60d4a482e
--- /dev/null
+++ b/changes/ticket27547
@@ -0,0 +1,7 @@
+ o Major feature (hidden service v3):
+ - Implement client authorization at the descriptor level. A new torrc
+ option was added to control this client side: ClientOnionAuthDir <path>.
+ On the service side, if the "authorized_clients/" directory exists in
+ the onion service directory path, client configuration are read from the
+ files within. See the manpage for more details. Closes ticket 27547.
+ Patch done by Suphanat Chunhapanya (haxxpop).
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 869a8cedd7..37f21742b2 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1087,6 +1087,16 @@ The following options are useful only for clients (that is, if
services can be configured to require authorization using the
**HiddenServiceAuthorizeClient** option.
+[[ClientOnionAuthDir]] **ClientOnionAuthDir** __path__::
+ Path to the directory containing the hidden service authorization file. The
+ files MUST have the suffix ".auth_private". Each file is for a single
+ onion address and their format is:
+ +
+ <onion-address>:descriptor:x25519:<base32-encoded-privkey>
+ +
+ The <onion-address> MUST NOT have the ".onion" suffix. See the
+ rend-spec-v3.txt Appendix G for more information.
+
[[LongLivedPorts]] **LongLivedPorts** __PORTS__::
A list of ports for services that tend to have long-running connections
(e.g. chat and interactive shells). Circuits for streams that use these
@@ -2896,6 +2906,26 @@ The following options are used to configure a hidden service.
including setting SOCKSPort to "0". Can not be changed while tor is
running. (Default: 0)
+Client Authorization
+--------------------
+
+(Version 3 only)
+
+To configure client authorization on the service side, the
+"<HiddenServiceDir>/authorized_clients/" needs to exists. Each file in that
+directory should be suffixed with ".auth" (the file name is irrelevant) and
+its content format MUST be:
+
+ <auth-type>:<key-type>:<base32-encoded-public-key>
+
+The supported <auth-type> are: "descriptor". The supported <key-type> are:
+"x25519". Each file MUST contain one line only. Any malformed file will be
+ignored.
+
+Note that once you've configured client authorization, anyone else with the
+address won't be able to access it from this point on. If no authorization is
+configured, the service will be accessible to all.
+
TESTING NETWORK OPTIONS
-----------------------
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index ffc9010fb8..7ef7423b13 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -1506,8 +1506,13 @@ connection_listener_new(const struct sockaddr *listensockaddr,
*/
connection_check_oos(get_n_open_sockets(), 0);
- log_notice(LD_NET, "Opened %s on %s",
- conn_type_to_string(type), fmt_addrport(&addr, usePort));
+ if (conn->socket_family == AF_UNIX) {
+ log_notice(LD_NET, "Opened %s on %s",
+ conn_type_to_string(type), conn->address);
+ } else {
+ log_notice(LD_NET, "Opened %s on %s",
+ conn_type_to_string(type), fmt_addrport(&addr, usePort));
+ }
return conn;
err:
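Review bot: The two branches in connection_listener_new() repeat the same `log_notice` call and differ only in the address string, so the format can drift between them. Choosing the string first keeps a single call site: `const char *where = (conn->socket_family == AF_UNIX) ? conn->address : fmt_addrport(&addr, usePort);` followed by `log_notice(LD_NET, "Opened %s on %s", conn_type_to_string(type), where);`. Where `conn->address` is assigned for AF_UNIX listeners is outside this hunk, so it is worth confirming it cannot be NULL at this point before passing it to `%s`.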
@@ -2895,6 +2900,9 @@ retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
} SMARTLIST_FOREACH_END(conn);
smartlist_free(listeners);
+ /* Cleanup any remaining listener replacement. */
+ SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
+ smartlist_free(replacements);
if (old_or_port != router_get_advertised_or_port(options) ||
old_or_port_ipv6 != router_get_advertised_or_port_by_af(options,
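Review bot: The added cleanup in retry_all_listeners() frees every `listener_replacement_t` still present in `replacements`, so it is only safe if each entry consumed earlier was removed from the list before this point; that code is outside the hunk and should be checked, since an entry freed in both places would be a double free. The comment should state the ownership rule, for example `/* Entries still in the list were never consumed; we own them and free them here. */`.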
diff --git a/src/core/or/channelpadding.c b/src/core/or/channelpadding.c
index 0a7e93d391..7c3a77f62c 100644
--- a/src/core/or/channelpadding.c
+++ b/src/core/or/channelpadding.c
@@ -657,6 +657,8 @@ channelpadding_get_circuits_available_timeout(void)
// 30..60min by default
timeout = timeout + crypto_rand_int(timeout);
+ tor_assert(timeout >= 0);
+
return timeout;
}
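Review bot: The new `tor_assert(timeout >= 0);` runs after `timeout + crypto_rand_int(timeout)`, so it cannot reliably catch the overflow it seems meant to guard against: signed overflow is undefined behaviour and the compiler may assume the sum is non-negative and drop the check. Validating the operand before the arithmetic is the dependable form, e.g. `tor_assert(timeout > 0 && timeout <= INT_MAX/2);` placed above the addition. If `timeout` can be influenced by network-supplied parameters (its computation is outside this hunk), clamping to a safe range is preferable to asserting, since a failed assertion terminates the process.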
diff --git a/src/ext/tinytest.c b/src/ext/tinytest.c
index 052fb6483f..16f11e4639 100644
--- a/src/ext/tinytest.c
+++ b/src/ext/tinytest.c
@@ -218,12 +218,20 @@ testcase_run_forked_(const struct testgroup_t *group,
r = (int)read(outcome_pipe[0], b, 1);
if (r == 0) {
printf("[Lost connection!] ");
- return 0;
+ return FAIL;
} else if (r != 1) {
perror("read outcome from pipe");
}
- waitpid(pid, &status, 0);
+ r = waitpid(pid, &status, 0);
close(outcome_pipe[0]);
+ if (r == -1) {
+ perror("waitpid");
+ return FAIL;
+ }
+ if (! WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+ printf("[did not exit cleanly.]");
+ return FAIL;
+ }
return b[0]=='Y' ? OK : (b[0]=='S' ? SKIP : FAIL);
}
#endif
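Review bot: The `r == 0` path in testcase_run_forked_() now returns FAIL but still returns before `waitpid()` and `close(outcome_pipe[0])`, so a child that dies without writing an outcome is never reaped and the pipe descriptor leaks for the rest of the run. Adding `close(outcome_pipe[0]); waitpid(pid, &status, 0);` before that `return FAIL;` would fix it. Separately, when `read()` fails (`r != 1`) the code only calls `perror()` and later evaluates `b[0]`; the declaration of `b` is outside this hunk, but if it is uninitialised the result depends on indeterminate data, so that branch should also return FAIL after reaping the child.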
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 30d23eb771..b01f9f0adf 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -18,6 +18,7 @@
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/crypt_ops/crypto_ope.h"
+#include "lib/crypt_ops/crypto_rand.h"
#include "feature/dircache/directory.h"
#include "core/mainloop/main.h"
#include "feature/nodelist/networkstatus.h"
@@ -1799,6 +1800,10 @@ build_service_desc_superencrypted(const hs_service_t *service,
smartlist_add(superencrypted->clients, desc_client);
}
+ /* Shuffle the list to prevent the client know the position in the
+ * config. */
+ smartlist_shuffle(superencrypted->clients);
+
return 0;
}
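Review bot: The comment above `smartlist_shuffle(superencrypted->clients)` is ungrammatical and does not say what is being protected. Something like `/* Shuffle the client list so that an entry's position in the descriptor does not reveal its position in the service's configuration. */` states the intent. The shuffle only has that effect if it runs after every entry, including any padding entries, has been added; the code that fills the list starts outside this hunk, so that ordering should be confirmed and mentioned in the comment.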
diff --git a/src/feature/stats/rephist.c b/src/feature/stats/rephist.c
index e24728ca76..405efc26ec 100644
--- a/src/feature/stats/rephist.c
+++ b/src/feature/stats/rephist.c
@@ -97,6 +97,7 @@
#include "lib/container/order.h"
#include "lib/math/fp.h"
#include "lib/math/laplace.h"
+#include "lib/time/tvdiff.h"
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
@@ -1548,7 +1549,7 @@ typedef struct predicted_port_t {
/** A list of port numbers that have been used recently. */
static smartlist_t *predicted_ports_list=NULL;
/** How long do we keep predicting circuits? */
-static int prediction_timeout=0;
+static time_t prediction_timeout=0;
/** When was the last time we added a prediction entry (HS or port) */
static time_t last_prediction_add_time=0;
@@ -1558,30 +1559,30 @@ static time_t last_prediction_add_time=0;
int
predicted_ports_prediction_time_remaining(time_t now)
{
- time_t idle_delta;
+ time_t seconds_waited;
+ time_t seconds_left;
/* Protect against overflow of return value. This can happen if the clock
* jumps backwards in time. Update the last prediction time (aka last
* active time) to prevent it. This update is preferable to using monotonic
* time because it prevents clock jumps into the past from simply causing
* very long idle timeouts while the monotonic time stands still. */
- if (last_prediction_add_time > now) {
+ seconds_waited = time_diff(last_prediction_add_time, now);
+ if (seconds_waited == TIME_MAX) {
last_prediction_add_time = now;
- idle_delta = 0;
- } else {
- idle_delta = now - last_prediction_add_time;
+ seconds_waited = 0;
}
/* Protect against underflow of the return value. This can happen for very
* large periods of inactivity/system sleep. */
- if (idle_delta > prediction_timeout)
+ if (seconds_waited > prediction_timeout)
return 0;
- if (BUG((prediction_timeout - idle_delta) > INT_MAX)) {
+ seconds_left = time_diff(seconds_waited, prediction_timeout);
+ if (BUG(seconds_left == TIME_MAX))
return INT_MAX;
- }
- return (int)(prediction_timeout - idle_delta);
+ return (int)(seconds_left);
}
/** We just got an application request for a connection with
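Review bot: The rewritten tail of predicted_ports_prediction_time_remaining() no longer clamps to INT_MAX in practice. After the `seconds_waited > prediction_timeout` early return, `time_diff(seconds_waited, prediction_timeout)` can only yield TIME_MAX when the timeout itself is TIME_MAX, so `BUG(seconds_left == TIME_MAX)` does not replace the old `> INT_MAX` test and `(int)(seconds_left)` can truncate a large time_t. Keeping the range check restores the previous guarantee: `if (BUG(seconds_left > INT_MAX)) return INT_MAX;`.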
@@ -1595,7 +1596,8 @@ add_predicted_port(time_t now, uint16_t port)
// If the list is empty, re-randomize predicted ports lifetime
if (!any_predicted_circuits(now)) {
- prediction_timeout = channelpadding_get_circuits_available_timeout();
+ prediction_timeout =
+ (time_t)channelpadding_get_circuits_available_timeout();
}
last_prediction_add_time = now;
@@ -1679,7 +1681,7 @@ rep_hist_get_predicted_ports(time_t now)
smartlist_t *out = smartlist_new();
tor_assert(predicted_ports_list);
- predicted_circs_relevance_time = prediction_timeout;
+ predicted_circs_relevance_time = (int)prediction_timeout;
/* clean out obsolete entries */
SMARTLIST_FOREACH_BEGIN(predicted_ports_list, predicted_port_t *, pp) {
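Review bot: `(int)prediction_timeout` narrows the value straight back to int, which silences the conversion warning without checking the range; the same cast is added in rep_hist_get_predicted_internal() and any_predicted_circuits(). The value appears to originate from an int today, so truncation is unlikely, but the cast would hide it if that ever changes. Declaring the local as `time_t predicted_circs_relevance_time = prediction_timeout;` in the three functions removes the cast and keeps the comparisons against `now` in one type. The local's declaration in rep_hist_get_predicted_ports() is outside this hunk.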
@@ -1765,7 +1767,7 @@ rep_hist_get_predicted_internal(time_t now, int *need_uptime,
{
int predicted_circs_relevance_time;
- predicted_circs_relevance_time = prediction_timeout;
+ predicted_circs_relevance_time = (int)prediction_timeout;
if (!predicted_internal_time) { /* initialize it */
predicted_internal_time = now;
@@ -1787,7 +1789,7 @@ int
any_predicted_circuits(time_t now)
{
int predicted_circs_relevance_time;
- predicted_circs_relevance_time = prediction_timeout;
+ predicted_circs_relevance_time = (int)prediction_timeout;
return smartlist_len(predicted_ports_list) ||
predicted_internal_time + predicted_circs_relevance_time >= now;
diff --git a/src/lib/time/tvdiff.c b/src/lib/time/tvdiff.c
index 8617110e52..bc8a1166e7 100644
--- a/src/lib/time/tvdiff.c
+++ b/src/lib/time/tvdiff.c
@@ -165,3 +165,25 @@ tv_to_msec(const struct timeval *tv)
conv += ((int64_t)tv->tv_usec+500)/1000L;
return conv;
}
+
+/**
+ * Return duration in seconds between time_t values
+ * <b>t1</b> and <b>t2</b> iff <b>t1</b> is numerically
+ * less or equal than <b>t2</b>. Otherwise, return TIME_MAX.
+ *
+ * This provides a safe way to compute difference between
+ * two UNIX timestamps (<b>t2</b> can be assumed by calling
+ * code to be later than <b>t1</b>) or two durations measured
+ * in seconds (<b>t2</b> can be assumed to be longer than
+ * <b>t1</b>). Calling code is expected to check for TIME_MAX
+ * return value and interpret that as error condition.
+ */
+time_t
+time_diff(const time_t t1, const time_t t2)
+{
+ if (t1 <= t2)
+ return t2 - t1;
+
+ return TIME_MAX;
+}
+
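Review bot: `t2 - t1` in time_diff() can still overflow where time_t is signed and `t1` is negative (a very negative `t1` with a large positive `t2`), which is undefined behaviour; the `t1 <= t2` test does not exclude that. TIME_MAX is also an in-band sentinel, because `time_diff(0, TIME_MAX)` legitimately returns it, so callers cannot tell that result from the error case. The doc comment should state that both arguments must be non-negative, and the function can enforce it with `if (t1 < 0 || t1 > t2) return TIME_MAX;`.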
diff --git a/src/lib/time/tvdiff.h b/src/lib/time/tvdiff.h
index d78330d7d8..a15ce52ad6 100644
--- a/src/lib/time/tvdiff.h
+++ b/src/lib/time/tvdiff.h
@@ -18,4 +18,6 @@ long tv_udiff(const struct timeval *start, const struct timeval *end);
long tv_mdiff(const struct timeval *start, const struct timeval *end);
int64_t tv_to_msec(const struct timeval *tv);
+time_t time_diff(const time_t from, const time_t to);
+
#endif
diff --git a/src/rust/protover/protoset.rs b/src/rust/protover/protoset.rs
index db33592f95..d3eb8b649c 100644
--- a/src/rust/protover/protoset.rs
+++ b/src/rust/protover/protoset.rs
@@ -174,7 +174,7 @@ impl ProtoSet {
if low == u32::MAX || high == u32::MAX {
return Err(ProtoverError::ExceedsMax);
}
- if low < last_high {
+ if low <= last_high {
return Err(ProtoverError::Overlap);
} else if low > high {
return Err(ProtoverError::LowGreaterThanHigh);
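Review bot: Changing the check to `low <= last_high` rejects ranges that merely touch or repeat a version, but it needs a comment explaining the side effect on the first pair. If `last_high` starts at 0 (its initialisation is outside this hunk), a set beginning with version 0 is now refused with `ProtoverError::Overlap`, which is a misleading error for that input and would explain why the tests in this commit move from 0 to 1. A line such as `// `<=` also rejects duplicates like "3,3"; with last_high starting at 0 this makes version 0 invalid.` would record that. The hunks visible here only rewrite existing test inputs; a test that asserts a repeated version is rejected would pin the behaviour described in changes/bug27649.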
@@ -521,7 +521,6 @@ mod test {
test_protoset_contains_versions!(&[1], "1");
test_protoset_contains_versions!(&[1, 2], "1,2");
test_protoset_contains_versions!(&[1, 2, 3], "1-3");
- test_protoset_contains_versions!(&[0, 1], "0-1");
test_protoset_contains_versions!(&[1, 2, 5], "1-2,5");
test_protoset_contains_versions!(&[1, 3, 4, 5], "1,3-5");
test_protoset_contains_versions!(&[42, 55, 56, 57, 58], "42,55-58");
@@ -597,9 +596,9 @@ mod test {
#[test]
fn test_protoset_contains() {
- let protoset: ProtoSet = ProtoSet::from_slice(&[(0, 5), (7, 9), (13, 14)]).unwrap();
+ let protoset: ProtoSet = ProtoSet::from_slice(&[(1, 5), (7, 9), (13, 14)]).unwrap();
- for x in 0..6 {
+ for x in 1..6 {
assert!(protoset.contains(&x), format!("should contain {}", x));
}
for x in 7..10 {
@@ -615,10 +614,10 @@ mod test {
}
#[test]
- fn test_protoset_contains_0_3() {
- let protoset: ProtoSet = ProtoSet::from_slice(&[(0, 3)]).unwrap();
+ fn test_protoset_contains_1_3() {
+ let protoset: ProtoSet = ProtoSet::from_slice(&[(1, 3)]).unwrap();
- for x in 0..4 {
+ for x in 1..4 {
assert!(protoset.contains(&x), format!("should contain {}", x));
}
}
@@ -640,8 +639,8 @@ mod test {
}
#[test]
- fn test_protoset_from_vec_0_315() {
- assert_protoset_from_vec_contains_all!(0, 1, 2, 3, 15);
+ fn test_protoset_from_vec_1_315() {
+ assert_protoset_from_vec_contains_all!(1, 2, 3, 15);
}
#[test]
diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs
index 157027750f..8f99a8a8eb 100644
--- a/src/rust/protover/protover.rs
+++ b/src/rust/protover/protover.rs
@@ -862,10 +862,10 @@ mod test {
#[test]
fn test_protoentry_all_supported_unsupported_low_version() {
- let protocols: UnvalidatedProtoEntry = "Cons=0-1".parse().unwrap();
+ let protocols: UnvalidatedProtoEntry = "HSIntro=2-3".parse().unwrap();
let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported();
assert_eq!(true, unsupported.is_some());
- assert_eq!("Cons=0", &unsupported.unwrap().to_string());
+ assert_eq!("HSIntro=2", &unsupported.unwrap().to_string());
}
#[test]
diff --git a/src/rust/protover/tests/protover.rs b/src/rust/protover/tests/protover.rs
index a091e692d6..5d6c2c9e70 100644
--- a/src/rust/protover/tests/protover.rs
+++ b/src/rust/protover/tests/protover.rs
@@ -106,10 +106,10 @@ fn protocol_all_supported_with_unsupported_versions() {
#[test]
fn protocol_all_supported_with_unsupported_low_version() {
- let protocols: UnvalidatedProtoEntry = "Cons=0-1".parse().unwrap();
+ let protocols: UnvalidatedProtoEntry = "HSIntro=2-3".parse().unwrap();
let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported();
assert_eq!(true, unsupported.is_some());
- assert_eq!("Cons=0", &unsupported.unwrap().to_string());
+ assert_eq!("HSIntro=2", &unsupported.unwrap().to_string());
}
#[test]
@@ -364,18 +364,18 @@ fn protover_all_supported_should_exclude_some_versions_and_entire_protocols() {
#[test]
fn protover_all_supported_should_not_dos_anyones_computer() {
- let proto: UnvalidatedProtoEntry = "Sleen=0-2147483648".parse().unwrap();
+ let proto: UnvalidatedProtoEntry = "Sleen=1-2147483648".parse().unwrap();
let result: String = proto.all_supported().unwrap().to_string();
- assert_eq!(result, "Sleen=0-2147483648".to_string());
+ assert_eq!(result, "Sleen=1-2147483648".to_string());
}
#[test]
fn protover_all_supported_should_not_dos_anyones_computer_max_versions() {
- let proto: UnvalidatedProtoEntry = "Sleen=0-4294967294".parse().unwrap();
+ let proto: UnvalidatedProtoEntry = "Sleen=1-4294967294".parse().unwrap();
let result: String = proto.all_supported().unwrap().to_string();
- assert_eq!(result, "Sleen=0-4294967294".to_string());
+ assert_eq!(result, "Sleen=1-4294967294".to_string());
}
#[test]
@@ -398,7 +398,7 @@ fn protover_unvalidatedprotoentry_should_err_entirely_unparseable_things() {
#[test]
fn protover_all_supported_over_maximum_limit() {
- let proto: Result<UnvalidatedProtoEntry, ProtoverError> = "Sleen=0-4294967295".parse();
+ let proto: Result<UnvalidatedProtoEntry, ProtoverError> = "Sleen=1-4294967295".parse();
assert_eq!(Err(ProtoverError::ExceedsMax), proto);
}
diff --git a/src/test/test_protover.c b/src/test/test_protover.c
index 38bc02f1d7..9a2b6f6be3 100644
--- a/src/test/test_protover.c
+++ b/src/test/test_protover.c
@@ -298,13 +298,13 @@ test_protover_all_supported(void *arg)
tor_free(msg);
/* We shouldn't be able to DoS ourselves parsing a large range. */
- tt_assert(! protover_all_supported("Sleen=0-2147483648", &msg));
- tt_str_op(msg, OP_EQ, "Sleen=0-2147483648");
+ tt_assert(! protover_all_supported("Sleen=1-2147483648", &msg));
+ tt_str_op(msg, OP_EQ, "Sleen=1-2147483648");
tor_free(msg);
/* This case is allowed. */
- tt_assert(! protover_all_supported("Sleen=0-4294967294", &msg));
- tt_str_op(msg, OP_EQ, "Sleen=0-4294967294");
+ tt_assert(! protover_all_supported("Sleen=1-4294967294", &msg));
+ tt_str_op(msg, OP_EQ, "Sleen=1-4294967294");
tor_free(msg);
/* If we get a (barely) valid (but unsupported list, we say "yes, that's
@@ -321,7 +321,7 @@ test_protover_all_supported(void *arg)
/* If we get a completely unparseable list, protover_all_supported should
* hit a fatal assertion for BUG(entries == NULL). */
tor_capture_bugs_(1);
- tt_assert(protover_all_supported("Sleen=0-4294967295", &msg));
+ tt_assert(protover_all_supported("Sleen=1-4294967295", &msg));
tor_end_capture_bugs_();
/* Protocol name too long */
@@ -556,11 +556,11 @@ test_protover_vote_roundtrip(void *args)
{ "Zn=4294967295-1", NULL },
{ "Zn=4294967293-4294967295", NULL },
/* Will fail because of 4294967295. */
- { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=0,4294967295",
+ { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=1,4294967295",
NULL },
- { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=0,4294967294",
- "Bar=3 Foo=1,3 Quux=9-12,14-16,900 Zn=0,4294967294" },
- { "Zu16=0,65536", "Zu16=0,65536" },
+ { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=1,4294967294",
+ "Bar=3 Foo=1,3 Quux=9-12,14-16,900 Zn=1,4294967294" },
+ { "Zu16=1,65536", "Zu16=1,65536" },
{ "N-1=1,2", "N-1=1-2" },
{ "-1=4294967295", NULL },
{ "-1=3", "-1=3" },
@@ -597,9 +597,9 @@ test_protover_vote_roundtrip(void *args)
{ "Sleen=1-501", "Sleen=1-501" },
{ "Sleen=1-65537", NULL },
/* Both C/Rust implementations should be able to handle this mild DoS. */
- { "Sleen=0-2147483648", NULL },
+ { "Sleen=1-2147483648", NULL },
/* Rust tests are built in debug mode, so ints are bounds-checked. */
- { "Sleen=0-4294967295", NULL },
+ { "Sleen=1-4294967295", NULL },
};
unsigned u;
smartlist_t *votes = smartlist_new();
diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c
index 6086252882..abe1fb7889 100644
--- a/src/test/test_tortls_openssl.c
+++ b/src/test/test_tortls_openssl.c
@@ -1007,6 +1007,7 @@ test_tortls_try_to_extract_certs_from_tls(void *ignored)
tt_assert(cert == c1);
tt_assert(id_cert);
X509_free(cert); /* decrease refcnt */
+ X509_free(id_cert); /* decrease refcnt */
done:
sk_X509_free(sess->cert_chain);
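Review bot: The added `X509_free(id_cert);` sits above the `done:` label, so it runs only when every assertion before it passes; a failing `tt_assert` that jumps to the label skips it and the leak returns on the failure path. Since `X509_free(NULL)` is a no-op, the two frees could move below `done:` provided `cert` and `id_cert` are initialised to NULL; their declarations are outside this hunk. Otherwise LeakSanitizer reports from a failing run will still include these certificates.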
@@ -1848,16 +1849,44 @@ fixed_tor_tls_create_certificate(crypto_pk_t *rsa,
(void)cname;
(void)cname_sign;
(void)cert_lifetime;
- return fixed_tor_tls_create_certificate_result[
+ X509 *result = fixed_tor_tls_create_certificate_result[
fixed_tor_tls_create_certificate_result_index++];
+ if (result)
+ return X509_dup(result);
+ else
+ return NULL;
+}
+
+static void
+fixed_tor_tls_create_certificate_results_free(void)
+{
+ unsigned i;
+ for (i = 0; i < ARRAY_LENGTH(fixed_tor_tls_create_certificate_result); ++i) {
+ X509 *cert = fixed_tor_tls_create_certificate_result[i];
+ if (cert)
+ X509_free(cert);
+ fixed_tor_tls_create_certificate_result[i] = NULL;
+ }
+}
+
+static void
+fixed_tor_x509_cert_new_results_free(void)
+{
+ unsigned i;
+ for (i = 0; i < ARRAY_LENGTH(fixed_tor_x509_cert_new_result); ++i) {
+ tor_x509_cert_free(fixed_tor_x509_cert_new_result[i]);
+ }
}
static tor_x509_cert_t *
fixed_tor_x509_cert_new(tor_x509_cert_impl_t *x509_cert)
{
(void) x509_cert;
- return fixed_tor_x509_cert_new_result[
- fixed_tor_x509_cert_new_result_index++];
+ tor_x509_cert_t **certp =
+ &fixed_tor_x509_cert_new_result[fixed_tor_x509_cert_new_result_index++];
+ tor_x509_cert_t *cert = *certp;
+ *certp = NULL;
+ return cert;
}
static void
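Review bot: fixed_tor_x509_cert_new() now writes through the post-incremented index (`*certp = NULL`), so an unexpected extra call from the code under test becomes an out-of-bounds write to `fixed_tor_x509_cert_new_result`, not only a stray read. A bound check before taking the address would make such a test failure explicit: `tor_assert(fixed_tor_x509_cert_new_result_index < (int)ARRAY_LENGTH(fixed_tor_x509_cert_new_result));` (the index's type is declared outside this hunk, so adjust the cast). The same applies to the index in fixed_tor_tls_create_certificate(). The two new `*_results_free()` helpers also lack a comment saying who owns the array entries, now that one mock returns a duplicate and the other hands over the stored pointer.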
@@ -1937,6 +1966,7 @@ test_tortls_context_new(void *ignored)
fixed_tor_tls_create_certificate_result[2] = X509_new();
ret = tor_tls_context_new(NULL, 0, 0, 0);
tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
fixed_crypto_pk_new_result_index = 0;
fixed_crypto_pk_new_result[0] = pk7;
@@ -1949,6 +1979,7 @@ test_tortls_context_new(void *ignored)
fixed_tor_tls_create_certificate_result[2] = X509_new();
ret = tor_tls_context_new(NULL, 0, 0, 0);
tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
fixed_crypto_pk_new_result_index = 0;
fixed_crypto_pk_new_result[0] = pk9;
@@ -1961,6 +1992,7 @@ test_tortls_context_new(void *ignored)
fixed_tor_tls_create_certificate_result[2] = NULL;
ret = tor_tls_context_new(NULL, 0, 0, 0);
tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
MOCK(tor_x509_cert_new, fixed_tor_x509_cert_new);
fixed_crypto_pk_new_result_index = 0;
@@ -1978,6 +2010,7 @@ test_tortls_context_new(void *ignored)
fixed_tor_x509_cert_new_result[2] = NULL;
ret = tor_tls_context_new(NULL, 0, 0, 0);
tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
fixed_crypto_pk_new_result_index = 0;
fixed_crypto_pk_new_result[0] = pk13;
@@ -1994,6 +2027,8 @@ test_tortls_context_new(void *ignored)
fixed_tor_x509_cert_new_result[2] = NULL;
ret = tor_tls_context_new(NULL, 0, 0, 0);
tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
+ fixed_tor_x509_cert_new_results_free();
fixed_crypto_pk_new_result_index = 0;
fixed_crypto_pk_new_result[0] = pk15;
@@ -2010,6 +2045,8 @@ test_tortls_context_new(void *ignored)
fixed_tor_x509_cert_new_result[2] = NULL;
ret = tor_tls_context_new(NULL, 0, 0, 0);
tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
+ fixed_tor_x509_cert_new_results_free();
fixed_crypto_pk_new_result_index = 0;
fixed_crypto_pk_new_result[0] = pk17;
@@ -2028,6 +2065,8 @@ test_tortls_context_new(void *ignored)
tt_assert(!ret);
done:
+ fixed_tor_tls_create_certificate_results_free();
+ fixed_tor_x509_cert_new_results_free();
UNMOCK(tor_x509_cert_new);
UNMOCK(tor_tls_create_certificate);
UNMOCK(crypto_pk_generate_key_with_bits);