Sign in before continuing.

Commit b792afa9 authored Sep 13, 2009 by Sebastian Hahn

Fix a memory leak when parsing a ns

Adding the same vote to a networkstatus consensus leads to a memory leak
on the client side. Fix that by only using the first vote from any given
voter, and ignoring the others.

Problem found by Rotor, who also helped writing the patch. Thanks!

parent fcacf224

ChangeLog

+3 −0

Original line number	Diff line number	Diff line
		@@ -6,6 +6,9 @@ Changes in version 0.2.1.20 - 2009-??-??
		patch. Bugfix on the 54th commit on Tor -- from July 2002,
		before the release of Tor 0.0.0. This is the new winner of the
		oldest-bug prize.
		- Fix a remotely triggerable memory leak when a consensus document
		contains more than one signature from the same voter. Bugfix on
		0.2.0.3-alpha.

		o New directory authorities:
		- Set up urras (run by Jacob Appelbaum) as the seventh v3 directory

src/or/routerparse.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -2509,6 +2509,14 @@ networkstatus_parse_vote_from_string(const char s, const char *eos_out,
		} else {
		if (tok->object_size >= INT_MAX)
		goto err;
		/* We already parsed a vote from this voter. Use the first one. */
		if (v->signature) {
		log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus "
		"that contains two votes from the same voter. Ignoring "
		"the second vote.");
		continue;
		}

		v->signature = tor_memdup(tok->object_body, tok->object_size);
		v->signature_len = (int) tok->object_size;
		}