[tor-commits] [tor/master] Clear memory in smartlist_remove_keeporder.
dgoulet at torproject.org
dgoulet at torproject.org
Wed Apr 24 13:58:14 UTC 2019
commit 670d0f9f5bb7d73ad236a035ed7bd69e96cadd41
Author: Tobias Stoeckmann <tobias at stoeckmann.org>
Date: Sat Apr 13 16:55:36 2019 +0200
Clear memory in smartlist_remove_keeporder.
The smartlist functions take great care to reset unused pointers inside
the smartlist memory to NULL.
The function smartlist_remove_keeporder does not clear memory in such
way when elements have been removed. Therefore call memset after the
for-loop that removes elements. If no element is removed, it is
effectively a no-op.
Signed-off-by: Tobias Stoeckmann <tobias at stoeckmann.org>
---
changes/ticket30176 | 4 ++++
src/lib/smartlist_core/smartlist_core.c | 2 ++
2 files changed, 6 insertions(+)
diff --git a/changes/ticket30176 b/changes/ticket30176
new file mode 100644
index 000000000..da23760ce
--- /dev/null
+++ b/changes/ticket30176
@@ -0,0 +1,4 @@
+ o Minor features (defense in depth):
+ - In smartlist_remove_keeporder(), set any pointers that become
+ unused to NULL, in case a bug causes them to be used later. Closes
+ ticket 30176. Patch from Tobias Stoeckmann.
diff --git a/src/lib/smartlist_core/smartlist_core.c b/src/lib/smartlist_core/smartlist_core.c
index 5947e7627..6b0a305a9 100644
--- a/src/lib/smartlist_core/smartlist_core.c
+++ b/src/lib/smartlist_core/smartlist_core.c
@@ -177,6 +177,8 @@ smartlist_remove_keeporder(smartlist_t *sl, const void *element)
sl->list[i++] = sl->list[j];
}
}
+ memset(sl->list + sl->num_used, 0,
+ sizeof(void *) * (num_used_orig - sl->num_used));
}
/** If <b>sl</b> is nonempty, remove and return the final element. Otherwise,
More information about the tor-commits
mailing list