From 4a3b7496f0c47b0d00c9744698eaa237e601b32a Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 16 Jan 2008 05:27:19 +0000 Subject: r17639@catbus: nickm | 2008-01-15 19:09:21 -0500 Fix some hard to trigger but nonetheless real memory leaks spotted by an anonymous contributor. Needs review. Partial backport candidate. svn:r13147 --- src/or/onion.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'src/or/onion.c')
diff --git a/src/or/onion.c b/src/or/onion.c
index aa42ab6c66..fb516da242 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -336,14 +336,13 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
 len = crypto_dh_compute_secret(handshake_state, handshake_reply, DH_KEY_LEN,
 key_material, 20+key_out_len);
 if (len < 0)
- return -1;
+ goto err;
 if (memcmp(key_material, handshake_reply+DH_KEY_LEN, 20)) {
 /* H(K) does *not* match. Something fishy. */
- tor_free(key_material);
 log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on onion handshake. "
 "Bug or attack.");
- return -1;
+ goto err;
 }
 /* use the rest of the key material for our shared keys, digests, etc */
@@ -357,6 +356,9 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
 tor_free(key_material);
 return 0;
+ err:
+ tor_free(key_material);
+ return -1;
 }
 /** Implement the server side of the CREATE_FAST abbreviated handshake. The
@@ -429,6 +431,7 @@ fast_client_handshake(const char *handshake_state, /* DIGEST_LEN bytes */
 /* H(K) does *not* match. Something fishy. */
 log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on fast handshake. "
 "Bug or attack.");
+ tor_free(out);
 return -1;
 }
 memcpy(key_out, out+DIGEST_LEN, key_out_len);
-- cgit v1.2.3-54-g00ecf
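Review bot: The new `err:` exit of onion_skin_client_handshake (second hunk) frees key_material without clearing it, although on the digest-mismatch path the buffer already holds the output of crypto_dh_compute_secret(). Clearing it before the free would keep DH-derived bytes out of recycled heap memory: `memset(key_material, 0, 20+key_out_len);` ahead of `tor_free(key_material);`, ideally through a wipe the compiler cannot elide as a dead store. The success-path free just above the label and the added `tor_free(out);` in fast_client_handshake appear to have the same gap; the allocations are outside these hunks, so the lengths should be confirmed against them. A comment such as `/* key_material holds secret DH output; wipe before freeing */` at the label would record the intent.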
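Review bot: fast_client_handshake now releases `out` at a separate site inside the mismatch branch, while onion_skin_client_handshake in this same commit was moved to a single `err:` exit. Using the same shape here, `goto err;` in this branch with `err: tor_free(out); return -1;` at the end of the function, would keep every failure path freeing the buffer in one place, so a later early return cannot reintroduce the leak. The function starts and ends outside the hunk, so any other return between the allocation of `out` and this check is not visible here and is worth checking for the same leak.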