commit 9bb3bcbc414f8845d025e6bf74ffdf6be96a5ebe Author: David Goulet dgoulet@torproject.org Date: Thu Dec 8 11:46:52 2016 -0500
router: Fix memory leak in signed_descriptor_move()
The signed_descriptor_move() function was not releasing the memory held inside the destination object before overwriting it with the source object. This commit adds a reset function that frees the memory inside a signed descriptor object and zeroes it.
Closes #20715.
Signed-off-by: David Goulet dgoulet@torproject.org
---
 changes/bug20715 | 4 ++++
 src/or/routerlist.c | 13 +++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/changes/bug20715 b/changes/bug20715
new file mode 100644
index 0000000..737a560
--- /dev/null
+++ b/changes/bug20715
@@ -0,0 +1,4 @@
+ o Minor bugfixes (memory leak)
+ - When moving a signed descriptor object from a source to an existing
+ destination, free the allocated memory inside that destination object.
+ Bugfix on tor-0.2.8.3-alpha; Closes #20715.
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 56c0522..b876795 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -3235,6 +3235,17 @@ signed_descriptor_free(signed_descriptor_t *sd)
 tor_free(sd);
 }

+/** Reset the given signed descriptor <b>sd</b> by freeing the allocated
+ * memory inside the object and by zeroing its content. */
+static void
+signed_descriptor_reset(signed_descriptor_t *sd)
+{
+ tor_assert(sd);
+ tor_free(sd->signed_descriptor_body);
+ tor_cert_free(sd->signing_key_cert);
+ memset(sd, 0, sizeof(*sd));
+}
+
 /** Copy src into dest, and steal all references inside src so that when
 * we free src, we don't mess up dest. */
 static void
@@ -3242,6 +3253,8 @@ signed_descriptor_move(signed_descriptor_t *dest,
 signed_descriptor_t *src)
 {
 tor_assert(dest != src);
+ /* Cleanup destination object before overwriting it.*/
+ signed_descriptor_reset(dest);
 memcpy(dest, src, sizeof(signed_descriptor_t));
 src->signed_descriptor_body = NULL;
 src->signing_key_cert = NULL;
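Review bot: signed_descriptor_reset() hard-codes the two heap-owned members (`signed_descriptor_body`, `signing_key_cert`), and only the tail of signed_descriptor_free() is visible in this hunk, so it cannot be confirmed here whether that function releases the same list. If it does, the two lists can drift apart once signed_descriptor_t gains another owned pointer, and the forgotten member would leak on every move again. Consider calling `signed_descriptor_reset(sd);` from signed_descriptor_free() ahead of its `tor_free(sd);`, or at least extend the new doc comment with `Every heap-owned member of signed_descriptor_t must be released here.`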
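Review bot: The added `signed_descriptor_reset(dest);` call tightens the contract of signed_descriptor_move(): dest must now be an initialized or zero-filled descriptor, because tor_free() and tor_cert_free() are applied to whatever its pointer members hold. The doc comment above the function (context at the end of the previous hunk) still only describes the copy. Callers are outside this diff, so it cannot be confirmed here that none passes an uninitialized destination, or one whose members alias those of src, which `tor_assert(dest != src)` would not catch. I would add to that comment: `<b>dest</b> must be initialized (zeroed or holding valid members); any memory it owns is freed before the copy.` The function body continues past the end of the hunk.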