use-after-free in validate_intro_point_failure

In validate_intro_point_failure(), we look at identity after freeing intro. But identity is a reference into intro, so we shouldn't free intro till we're done with it.

changed milestone to %Tor: 0.2.7.x-final

added 2016-bug-retrospective component::core tor/tor milestone::Tor: 0.2.7.x-final priority::very high resolution::fixed severity::major status::closed type::defect labels

5b2070198a9fa7d19f50ba165dc6ff274ffe073a fixes this one.

Trac:
Resolution: N/A to fixed
Status: new to closed

Marking these tickets (based on severity and hand-review) for inclusion in 2016 bug retrospective

Trac:
Keywords: N/A deleted, 2016-bug-retrospective added

Mark more tickets for bug retrospective based on hand-review of changelogs from 0.2.5 onwards.

closed

moved to tpo/core/tor#17401 (closed)