From 5dce1829bf8615f78975e1b7d651e97c266b509a Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 28 May 2015 13:23:09 -0400 Subject: Avoid double-free on rend_add_service() failure Rend_add_service() frees its argument on failure; no need to free again. Fixes bug 16228, bugfix on 0.2.7.1-alpha Found by coverity; this is CID 1301387. --- changes/bug16228 | 4 ++++ src/or/rendservice.c | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 changes/bug16228 diff --git a/changes/bug16228 b/changes/bug16228 new file mode 100644 index 0000000000..bf36cf82ea --- /dev/null +++ b/changes/bug16228 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden services): + - Avoid crashing with a double-free bug when we create an + ephemeral hidden service but adding it fails for some reason. + Fixes bug 16228; bugfix on 0.2.7.1-alpha. diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 0329d70924..d27b06d5df 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -256,7 +256,7 @@ rend_service_free_all(void) } /** Validate service and add it to rend_service_list if possible. - * Return 0 on success and -1 on failure. + * Return 0 on success. On failure, free service and return -1. */ static int rend_add_service(rend_service_t *service) @@ -868,7 +868,6 @@ rend_service_add_ephemeral(crypto_pk_t *pk, /* Initialize the service. */ if (rend_add_service(s)) { - rend_service_free(s); return RSAE_INTERNAL; } *service_id_out = tor_strdup(s->service_id); -- cgit v1.2.3-54-g00ecf