router: Fix memory leak in signed_descriptor_move()

The signed_descriptor_move() was not releasing memory inside the destination object before overwriting it with the source object. This commit adds a reset function that free that memory inside a signed descriptor object and zero it. Closes #20715. Signed-off-by: David Goulet <dgoulet@torproject.org>

router: Fix memory leak in signed_descriptor_move()
9bb3bcbc · David Goulet · Nick Mathewson · f9636ebc · 9bb3bcbc · 9bb3bcbc
Commit 9bb3bcbc authored 8 years ago by David Goulet Committed by Nick Mathewson 8 years ago
--- a/changes/bug20715
+++ b/changes/bug20715
+  o Minor bugfixes (memory leak)
+    - When moving a signed descriptor object from a source to an existing
+      destination, free the allocated memory inside that destination object.
+      Bugfix on tor-0.2.8.3-alpha; Closes #20715.
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -3235,6 +3235,17 @@ signed_descriptor_free(signed_descriptor_t *sd)
  tor_free(sd);
 }

+/** Reset the given signed descriptor <b>sd</b> by freeing the allocated
+ * memory inside the object and by zeroing its content. */
+static void
+signed_descriptor_reset(signed_descriptor_t *sd)
+{
+  tor_assert(sd);
+  tor_free(sd->signed_descriptor_body);
+  tor_cert_free(sd->signing_key_cert);
+  memset(sd, 0, sizeof(*sd));
+}
+
 /** Copy src into dest, and steal all references inside src so that when
 * we free src, we don't mess up dest. */
 static void
@@ -3242,6 +3253,8 @@ signed_descriptor_move(signed_descriptor_t *dest,
                       signed_descriptor_t *src)
 {
  tor_assert(dest != src);
+  /* Cleanup destination object before overwriting it.*/
+  signed_descriptor_reset(dest);
  memcpy(dest, src, sizeof(signed_descriptor_t));
  src->signed_descriptor_body = NULL;
  src->signing_key_cert = NULL;