From 78bcfc1280b322ba57a10a116457616eeb742ab6 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Sat, 14 Mar 2020 14:44:33 -0400 Subject: circpad_setup_machine_on_circ(): exit early on error. This function does a nonfatal assertion to make sure that a machine is not registered twice, but Tobias Pulls found a case where it happens. Instead, make the function exit early so that it doesn't cause a remotely triggered memory leak. Fixes bug 33619; bugfix on 0.4.0.1-alpha. This is also tracked as TROVE-2020-004. --- changes/ticket33619 | 5 +++++ src/core/or/circuitpadding.c | 9 ++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) create mode 100644 changes/ticket33619 diff --git a/changes/ticket33619 b/changes/ticket33619 new file mode 100644 index 0000000000..3c52858b35 --- /dev/null +++ b/changes/ticket33619 @@ -0,0 +1,5 @@ + o Major bugfixes (circuit padding, memory leaks): + - Avoid a remotely triggered memory leak in the case that a circuit + padding machine is somehow negotiated twice on the same circuit. Fixes + bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. This is + also tracked as TROVE-2020-004. diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c index a62cdcf9e6..72b770113c 100644 --- a/src/core/or/circuitpadding.c +++ b/src/core/or/circuitpadding.c @@ -2381,9 +2381,12 @@ circpad_setup_machine_on_circ(circuit_t *on_circ, return; } - tor_assert_nonfatal(on_circ->padding_machine[machine->machine_index] - == NULL); - tor_assert_nonfatal(on_circ->padding_info[machine->machine_index] == NULL); + IF_BUG_ONCE(on_circ->padding_machine[machine->machine_index] != NULL) { + return; + } + IF_BUG_ONCE(on_circ->padding_info[machine->machine_index] != NULL) { + return; + } /* Log message */ if (CIRCUIT_IS_ORIGIN(on_circ)) { -- cgit v1.2.3-54-g00ecf