March 2018 - tor-commits - lists.torproject.org

[tor/release-0.3.1] Fix CID 1430932
by nickm＠torproject.org 28 Mar '18

28 Mar '18

commit 4bb7d9fd1241a3c263636efa03ee8c62ab744515 Author: Taylor Yu <catalyst(a)torproject.org> Date: Mon Mar 26 17:51:50 2018 -0500 Fix CID 1430932 Coverity found a null pointer reference in nodelist_add_microdesc(). This is almost certainly impossible assuming that the routerstatus_t returned by router_get_consensus_status_by_descriptor_digest() always corresponds to an entry in the nodelist. Fixes bug 25629. --- changes/bug25629 | 3 +++ src/or/nodelist.c | 13 ++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/changes/bug25629 b/changes/bug25629 new file mode 100644 index 000000000..190928a94 --- /dev/null +++ b/changes/bug25629 @@ -0,0 +1,3 @@ + o Minor bugfixes (C correctness): + - Fix a very unlikely null pointer dereference. Fixes bug 25629; + bugfix on 0.2.9.15. Found by Coverity; this is CID 1430932. diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 5a02648c5..26f990b08 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -263,13 +263,12 @@ nodelist_add_microdesc(microdesc_t *md) if (rs == NULL) return NULL; node = node_get_mutable_by_id(rs->identity_digest); - if (node) { - if (node->md) - node->md->held_by_nodes--; - node->md = md; - md->held_by_nodes++; - } - + if (node == NULL) + return NULL; + if (node->md) + node->md->held_by_nodes--; + node->md = md; + md->held_by_nodes++; node_add_to_address_set(node); return node;

1 0

[tor/master] Merge branch 'maint-0.3.3'
by nickm＠torproject.org 28 Mar '18

28 Mar '18

commit fa6eaab83e05a11b60735f7bf4064b05e7085230 Merge: 979c7e5c8 ddee28a3c Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Mar 27 18:25:52 2018 -0400 Merge branch 'maint-0.3.3' changes/bug25629 | 3 +++ src/or/nodelist.c | 28 ++++++++++++++-------------- 2 files changed, 17 insertions(+), 14 deletions(-)

1 0

[tor/release-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1
by nickm＠torproject.org 28 Mar '18

28 Mar '18

commit 5acfc3087663340f55de6081cdd13b484525f43a Merge: 068d09274 4bb7d9fd1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Mar 27 18:23:53 2018 -0400 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug25629 | 3 +++ src/or/nodelist.c | 13 ++++++------- 2 files changed, 9 insertions(+), 7 deletions(-)

1 0

[tor/master] Merge branch 'maint-0.2.9' into maint-0.3.1
by nickm＠torproject.org 28 Mar '18

28 Mar '18

commit 5acfc3087663340f55de6081cdd13b484525f43a Merge: 068d09274 4bb7d9fd1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Mar 27 18:23:53 2018 -0400 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug25629 | 3 +++ src/or/nodelist.c | 13 ++++++------- 2 files changed, 9 insertions(+), 7 deletions(-)

1 0

[tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9
by nickm＠torproject.org 28 Mar '18

28 Mar '18

commit c26fa05370b858035e5a8b92c21deb78dbc1f8ea Merge: 2a0865898 4bb7d9fd1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Mar 27 18:23:53 2018 -0400 Merge branch 'maint-0.2.9' into release-0.2.9 changes/bug25629 | 3 +++ src/or/nodelist.c | 13 ++++++------- 2 files changed, 9 insertions(+), 7 deletions(-)

1 0

[tor/master] Fix CID 1430932
by nickm＠torproject.org 28 Mar '18

28 Mar '18

commit 0c13a84c0d9282e597227d117e23216bb459caad Author: Taylor Yu <catalyst(a)torproject.org> Date: Mon Mar 26 18:05:16 2018 -0500 Fix CID 1430932 Coverity found a null pointer reference in nodelist_add_microdesc(). This is almost certainly impossible assuming that the routerstatus_t returned by router_get_consensus_status_by_descriptor_digest() always corresponds to an entry in the nodelist. Fixes bug 25629. --- changes/bug25629 | 3 +++ src/or/nodelist.c | 28 ++++++++++++++-------------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/changes/bug25629 b/changes/bug25629 new file mode 100644 index 000000000..190928a94 --- /dev/null +++ b/changes/bug25629 @@ -0,0 +1,3 @@ + o Minor bugfixes (C correctness): + - Fix a very unlikely null pointer dereference. Fixes bug 25629; + bugfix on 0.2.9.15. Found by Coverity; this is CID 1430932. diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 9a477ecf4..ac9449855 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -525,22 +525,22 @@ nodelist_add_microdesc(microdesc_t *md) if (rs == NULL) return NULL; node = node_get_mutable_by_id(rs->identity_digest); - if (node) { - node_remove_from_ed25519_map(node); - if (node->md) - node->md->held_by_nodes--; + if (node == NULL) + return NULL; - node->md = md; - md->held_by_nodes++; - /* Setting the HSDir index requires the ed25519 identity key which can - * only be found either in the ri or md. This is why this is called here. - * Only nodes supporting HSDir=2 protocol version needs this index. */ - if (rs->supports_v3_hsdir) { - node_set_hsdir_index(node, ns); - } - node_add_to_ed25519_map(node); - } + node_remove_from_ed25519_map(node); + if (node->md) + node->md->held_by_nodes--; + node->md = md; + md->held_by_nodes++; + /* Setting the HSDir index requires the ed25519 identity key which can + * only be found either in the ri or md. This is why this is called here. + * Only nodes supporting HSDir=2 protocol version needs this index. */ + if (rs->supports_v3_hsdir) { + node_set_hsdir_index(node, ns); + } + node_add_to_ed25519_map(node); node_add_to_address_set(node); return node;

1 0

[tor/master] Merge branch 'maint-0.3.2' into maint-0.3.3
by nickm＠torproject.org 28 Mar '18

28 Mar '18

commit da5173c83148b4b437488571c2f6e88dc2e175eb Merge: 46c2b0ca2 0b795ce6d Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Mar 27 18:25:31 2018 -0400 Merge branch 'maint-0.3.2' into maint-0.3.3

1 0

[tor/master] Fix CID 1430932
by nickm＠torproject.org 28 Mar '18

28 Mar '18

commit 471f28a2a85b8db8315f518aff456440f9791877 Author: Taylor Yu <catalyst(a)torproject.org> Date: Mon Mar 26 19:29:59 2018 -0500 Fix CID 1430932 Coverity found a null pointer reference in nodelist_add_microdesc(). This is almost certainly impossible assuming that the routerstatus_t returned by router_get_consensus_status_by_descriptor_digest() always corresponds to an entry in the nodelist. Fixes bug 25629. --- changes/bug25629 | 3 +++ src/or/nodelist.c | 28 ++++++++++++++-------------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/changes/bug25629 b/changes/bug25629 new file mode 100644 index 000000000..190928a94 --- /dev/null +++ b/changes/bug25629 @@ -0,0 +1,3 @@ + o Minor bugfixes (C correctness): + - Fix a very unlikely null pointer dereference. Fixes bug 25629; + bugfix on 0.2.9.15. Found by Coverity; this is CID 1430932. diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 391b31d68..125dd8b9f 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -507,22 +507,22 @@ nodelist_add_microdesc(microdesc_t *md) if (rs == NULL) return NULL; node = node_get_mutable_by_id(rs->identity_digest); - if (node) { - node_remove_from_ed25519_map(node); - if (node->md) - node->md->held_by_nodes--; + if (node == NULL) + return NULL; - node->md = md; - md->held_by_nodes++; - /* Setting the HSDir index requires the ed25519 identity key which can - * only be found either in the ri or md. This is why this is called here. - * Only nodes supporting HSDir=2 protocol version needs this index. */ - if (rs->pv.supports_v3_hsdir) { - node_set_hsdir_index(node, ns); - } - node_add_to_ed25519_map(node); - } + node_remove_from_ed25519_map(node); + if (node->md) + node->md->held_by_nodes--; + node->md = md; + md->held_by_nodes++; + /* Setting the HSDir index requires the ed25519 identity key which can + * only be found either in the ri or md. This is why this is called here. + * Only nodes supporting HSDir=2 protocol version needs this index. */ + if (rs->pv.supports_v3_hsdir) { + node_set_hsdir_index(node, ns); + } + node_add_to_ed25519_map(node); node_add_to_address_set(node); return node;

1 0

[tor/master] Merge remote-tracking branch 'catalyst-github/bug25629-032' into maint-0.3.2
by nickm＠torproject.org 28 Mar '18

28 Mar '18

commit 0b795ce6de339ccdabe17cb78f632df6f74901e2 Merge: 5e7d50585 0c13a84c0 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Mar 27 18:24:59 2018 -0400 Merge remote-tracking branch 'catalyst-github/bug25629-032' into maint-0.3.2 changes/bug25629 | 3 +++ src/or/nodelist.c | 28 ++++++++++++++-------------- 2 files changed, 17 insertions(+), 14 deletions(-)

1 0

[tor/release-0.3.2] Fix CID 1430932
by nickm＠torproject.org 28 Mar '18

28 Mar '18

commit 4bb7d9fd1241a3c263636efa03ee8c62ab744515 Author: Taylor Yu <catalyst(a)torproject.org> Date: Mon Mar 26 17:51:50 2018 -0500 Fix CID 1430932 Coverity found a null pointer reference in nodelist_add_microdesc(). This is almost certainly impossible assuming that the routerstatus_t returned by router_get_consensus_status_by_descriptor_digest() always corresponds to an entry in the nodelist. Fixes bug 25629. --- changes/bug25629 | 3 +++ src/or/nodelist.c | 13 ++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/changes/bug25629 b/changes/bug25629 new file mode 100644 index 000000000..190928a94 --- /dev/null +++ b/changes/bug25629 @@ -0,0 +1,3 @@ + o Minor bugfixes (C correctness): + - Fix a very unlikely null pointer dereference. Fixes bug 25629; + bugfix on 0.2.9.15. Found by Coverity; this is CID 1430932. diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 5a02648c5..26f990b08 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -263,13 +263,12 @@ nodelist_add_microdesc(microdesc_t *md) if (rs == NULL) return NULL; node = node_get_mutable_by_id(rs->identity_digest); - if (node) { - if (node->md) - node->md->held_by_nodes--; - node->md = md; - md->held_by_nodes++; - } - + if (node == NULL) + return NULL; + if (node->md) + node->md->held_by_nodes--; + node->md = md; + md->held_by_nodes++; node_add_to_address_set(node); return node;

1 0