[tor-bugs] #17417 [Tor]: fail self-test for cert_new in v0.2.8.0-alpha-dev NetBSD 6_Stable

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Oct 24 18:35:12 UTC 2015 

#17417: fail self-test for cert_new in v0.2.8.0-alpha-dev NetBSD 6_Stable
--------------------+------------------------------------
 Reporter:  yancm   |          Owner:
     Type:  defect  |         Status:  needs_review
 Priority:  Medium  |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor     |        Version:  Tor: unspecified
 Severity:  Normal  |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
  Sponsor:          |
--------------------+------------------------------------

Comment (by rl1987):

 Here's my reasoning. `tor_x509_cert_new()` allocates a `tor_x509_cert_t`
 object. `tor_x509_cert_free()` then frees it. At the end of the function,
 it tries to free it again. One of the ways to avoid double-freeing things
 is to set the pointer to NULL after first freeing the memory. Note that
 `ret` the pointer cannot be cleared inside `tor_x509_cert_free()` because
 `tor_x509_cert_free()` receives a ''new copy'' of that pointer and cannot
 do anything about the old copy in the testcase.

 If you compile Tor with non-cutting-edge OpenSSL, this portion of code
 will be compiled in:

 {{{
  #ifndef OPENSSL_OPAQUE
    cert = read_cert_from(validCertString);
    X509_CINF_free(cert->cert_info);
    cert->cert_info = NULL;
    ret = tor_x509_cert_new(cert);
    tt_assert(ret);
  #endif
 }}}
 Here, it creates a new `tor_x509_cert_t` object. If I refrained from
 freeing the memory before the new `tor_x509_cert_t` instance is created
 (like I did in my first patch), everyone would forget about the old
 instance and the memory would be leaked.

 Now, if I free the previous `tor_x509_cert_t` instance and nullify the
 pointer, there will be no memory leak regardless the `OPENSSL_OPAQUE`
 macro. And there is no double-free crashbug because
 `tor_x509_cert_free(NULL)` is no-op.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17417#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list