router: Fix memory leak in signed_descriptor_move()

The signed_descriptor_move() was not releasing memory inside the destination
object before overwriting it with the source object. This commit adds a reset
function that free that memory inside a signed descriptor object and zero it.

Closes #20715.

Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
David Goulet 2016-12-08 11:46:52 -05:00 committed by Nick Mathewson
parent f9636ebc2f
commit 9bb3bcbc41
2 changed files with 17 additions and 0 deletions

4
changes/bug20715 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (memory leak)
- When moving a signed descriptor object from a source to an existing
destination, free the allocated memory inside that destination object.
Bugfix on tor-0.2.8.3-alpha; Closes #20715.

View File

@ -3235,6 +3235,17 @@ signed_descriptor_free(signed_descriptor_t *sd)
tor_free(sd);
}
/** Reset the given signed descriptor <b>sd</b> by freeing the allocated
* memory inside the object and by zeroing its content. */
static void
signed_descriptor_reset(signed_descriptor_t *sd)
{
tor_assert(sd);
tor_free(sd->signed_descriptor_body);
tor_cert_free(sd->signing_key_cert);
memset(sd, 0, sizeof(*sd));
}
/** Copy src into dest, and steal all references inside src so that when
* we free src, we don't mess up dest. */
static void
@ -3242,6 +3253,8 @@ signed_descriptor_move(signed_descriptor_t *dest,
signed_descriptor_t *src)
{
tor_assert(dest != src);
/* Cleanup destination object before overwriting it.*/
signed_descriptor_reset(dest);
memcpy(dest, src, sizeof(signed_descriptor_t));
src->signed_descriptor_body = NULL;
src->signing_key_cert = NULL;