commit 04512d9fcd03bde1cedfa09f208a4c410172fe22 Author: Nick Mathewson <nickm@torproject.org> Date: Thu Jul 12 14:20:56 2018 -0400 SOCKS: Always free username/password before setting them. This fixes a memory leak found by fuzzing. --- src/core/proto/proto_socks.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c index 530436c41..9cc9568a4 100644 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@ -174,6 +174,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, goto end; } + tor_free(req->username); req->got_auth = 1; req->username = tor_strdup(username); req->usernamelen = usernamelen; @@ -445,6 +446,7 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, socks5_client_userpass_auth_getconstarray_passwd(trunnel_req); if (usernamelen && username) { + tor_free(req->username); req->username = tor_memdup_nulterm(username, usernamelen); req->usernamelen = usernamelen; @@ -452,6 +454,7 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, } if (passwordlen && password) { + tor_free(req->password); req->password = tor_memdup_nulterm(password, passwordlen); req->passwordlen = passwordlen;