From 9ca2394d6b51242bb5cf380757be5869d2a44c3c Mon Sep 17 00:00:00 2001
From: David Goulet <dgoulet@torproject.org>
Date: Tue, 23 Mar 2021 09:19:41 -0400
Subject: channel: Fix use after free in channel_do_open_actions()

Fortunately, our tor_free() is setting the variable to NULL after so we were
in a situation where NULL was always used instead of the transport name.

This first appeared in 894ff2dc8422cb86312c512698acd76476224f87 and results in
basically no bridge with a transport being able to use DoS defenses.

Fixes #40345

Signed-off-by: David Goulet <dgoulet@torproject.org>
---
 changes/ticket40345 | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 changes/ticket40345

(limited to 'changes')

diff --git a/changes/ticket40345 b/changes/ticket40345
new file mode 100644
index 0000000000..246e4a86af
--- /dev/null
+++ b/changes/ticket40345
@@ -0,0 +1,5 @@
+  o Minor bugfixes (channel, DoS):
+    - Fix a possible non fatal assertion BUG() due to a too early free of a
+      string when noting down the client connection for the DoS defenses
+      subsystem. Fixes bug 40345; bugfix on 0.4.3.4-rc
+
-- 
cgit v1.2.3-54-g00ecf