Commit 78bcfc12 authored by Nick Mathewson's avatar Nick Mathewson 🦀
Browse files

circpad_setup_machine_on_circ(): exit early on error. 

This function does a nonfatal assertion to make sure that a machine
is not registered twice, but Tobias Pulls found a case where it
happens.  Instead, make the function exit early so that it doesn't
cause a remotely triggered memory leak.

Fixes bug 33619; bugfix on 0.4.0.1-alpha.  This is also tracked as
TROVE-2020-004.
parent 7a9e2a26

changes/ticket33619

0 → 100644
+5 −0
Original line number Diff line number Diff line 
  o Major bugfixes (circuit padding, memory leaks):

    - Avoid a remotely triggered memory leak in the case that a circuit

      padding machine is somehow negotiated twice on the same circuit. Fixes

      bug 33619; bugfix on 0.4.0.1-alpha.  Found by Tobias Pulls.  This is

      also tracked as TROVE-2020-004.

src/core/or/circuitpadding.c

+6 −3
Original line number Diff line number Diff line
@@ -2381,9 +2381,12 @@ circpad_setup_machine_on_circ(circuit_t *on_circ, 
    return;

  }



  tor_assert_nonfatal(on_circ->padding_machine[machine->machine_index]

                      == NULL);

  tor_assert_nonfatal(on_circ->padding_info[machine->machine_index] == NULL);

  IF_BUG_ONCE(on_circ->padding_machine[machine->machine_index] != NULL) {

    return;

  }

  IF_BUG_ONCE(on_circ->padding_info[machine->machine_index] != NULL) {

    return;

  }



  /* Log message */

  if (CIRCUIT_IS_ORIGIN(on_circ)) {