Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by George Kadianakis@asn

Invalid memory read in `pt_configure_remaining_proxies()`

void
pt_configure_remaining_proxies(void)
...
    /* If the proxy is not fully configured, try to configure it
       futher. */
    if (!proxy_configuration_finished(mp))
      configure_proxy(mp);

    if (proxy_configuration_finished(mp))
      at_least_a_proxy_config_finished = 1;

If the managed proxy is destroyed during configure_proxy() (by going to handle_finished_proxy()), then it is passed to proxy_configuration_finished() which reads mp->conf_state. This is an invalid memory read since the memory area of mp was freed.

Not too hard to fix. An inelegant fix would be to make configure_proxy() return an int, that would warn pt_configure_remaining_proxies() if it destroys the managed proxy.

Bug present since 0.2.4.x. Doesn't seem threatening, so we can fix it just in 0.2.5.x. The bug triggers when something bad happens during the managed-proxy configuration protocol, and we have to destroy the managed proxy.

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information