[tor-commits] [tor/master] Avoid use-after-free error in 20020 fix

[nickm at torproject.org]

commit a1b0a0b9cd313535f954d8033ea6672ddd5ccc2a
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Nov 30 11:44:15 2017 -0500

    Avoid use-after-free error in 20020 fix
    
    CID 1424328; found by coverity; bugfix on 93dbce4ddd98ca9a4ff2f;
    bug not in any released Tor.
---
 src/or/routerlist.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 24c0a4e07..ef1538279 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -5197,6 +5197,10 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
           log_warn(LD_BUG, "Failed to re-parse a router.");
           continue;
         }
+        /* need to compute this now, since add_to_routerlist may free. */
+        char time_cert_expires[ISO_TIME_LEN+1];
+        format_iso_time(time_cert_expires, ri->cert_expiration_time);
+
         r = router_add_to_routerlist(ri, &msg, 1, 0);
         if (WRA_WAS_OUTDATED(r)) {
           log_warn(LD_DIR, "Couldn't add re-parsed router: %s. This isn't "
@@ -5205,12 +5209,10 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
                    msg?msg:"???");
           if (r == ROUTER_CERTS_EXPIRED) {
             char time_cons[ISO_TIME_LEN+1];
-            char time_cert[ISO_TIME_LEN+1];
             format_iso_time(time_cons, consensus->valid_after);
-            format_iso_time(time_cert, ri->cert_expiration_time);
             log_warn(LD_DIR, "  (I'm looking at a consensus from %s; This "
                      "router's certificates began expiring at %s.)",
-                     time_cons, time_cert);
+                     time_cons, time_cert_expires);
           }
         }
     } SMARTLIST_FOREACH_END(sd);