Commit 65575b07 authored by Nick Mathewson

Stop leaking memory in error cases of md parsing

When clearing a list of tokens, it's important to do token_clear()
on them first, or else any keys they contain will leak.  This didn't
leak memory on any of the successful microdescriptor parsing paths,
but it does leak on some failing paths when the failure happens
during tokenization.

Fixes bug 11618; bugfix on 0.2.2.6-alpha.
parent ef3d7f2f

changes/md_leak_bug

0 → 100644
+5 −0
  o Major bugfixes (security, OOM)
    - Fix a memory leak that could occur if a microdescriptor parse
      fails during the tokenizing step. This could enable a memory
      exhaustion attack by directory servers. Fixes bug #11649; bugfix
      on 0.2.2.6-alpha.
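Review bot: The bug number on the last two lines of this entry, "Fixes bug #11649", does not match the commit message, which says "Fixes bug 11618". One of the two is wrong; please make them agree so the changelog and the commit both point at the same ticket. The "bugfix on 0.2.2.6-alpha" part is consistent between the two.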
+2 −0
@@ -4455,11 +4455,13 @@ microdescs_parse_from_string(const char *s, const char *eos,
    microdesc_free(md);
    md = NULL;

    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
    memarea_clear(area);
    smartlist_clear(tokens);
    s = start_of_next_microdesc;
  }

  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
  memarea_drop_all(area);
  smartlist_free(tokens);
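Review bot: The token_clear() sweep now appears at two sites in this hunk, before memarea_clear(area) at the end of the loop body and before memarea_drop_all(area) after the loop, and neither carries a comment saying why it has to run before the memarea is released. The commit message gives the reason (keys held by the tokens leak otherwise), but that reasoning is not in the code, so a later cleanup could drop one of the sweeps as redundant. Suggest a one-line comment at each site, or a small static helper that clears every token and then the list, used in both places. The change as shown touches only the changes file and these lines; a regression test that feeds a microdescriptor which fails during tokenization would keep this leak from coming back.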