[tor-bugs] #32376 [Core Tor/Tor]: test: Possible NULL deref in free_fake_orcirc()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 5 12:38:01 UTC 2019
#32376: test: Possible NULL deref in free_fake_orcirc()
------------------------------+--------------------------------
Reporter: dgoulet | Owner: dgoulet
Type: defect | Status: assigned
Priority: Medium | Milestone: Tor: 0.4.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: tor-test, coverity
Actual Points: | Parent ID:
Points: 0.1 | Reviewer:
Sponsor: |
------------------------------+--------------------------------
Introduced with #32196.
Found by coverity:
{{{
*** CID 1455207: Null pointer dereferences (FORWARD_NULL)
/src/test/test_relay.c: 116 in test_relay_close_circuit()
110 if (orcirc) {
111 circuitmux_detach_circuit(nchan->cmux, TO_CIRCUIT(orcirc));
112 circuitmux_detach_circuit(pchan->cmux, TO_CIRCUIT(orcirc));
113 cell_queue_clear(&orcirc->base_.n_chan_cells);
114 cell_queue_clear(&orcirc->p_chan_cells);
115 }
>>> CID 1455207: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "orcirc" to "free_fake_orcirc", which
dereferences it.
116 free_fake_orcirc(orcirc);
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32376>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list