From 4bb7d9fd1241a3c263636efa03ee8c62ab744515 Mon Sep 17 00:00:00 2001 From: Taylor Yu Date: Mon, 26 Mar 2018 17:51:50 -0500 Subject: [PATCH 1/3] Fix CID 1430932 Coverity found a null pointer reference in nodelist_add_microdesc(). This is almost certainly impossible assuming that the routerstatus_t returned by router_get_consensus_status_by_descriptor_digest() always corresponds to an entry in the nodelist. Fixes bug 25629. --- changes/bug25629 | 3 +++ src/or/nodelist.c | 13 ++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) create mode 100644 changes/bug25629 diff --git a/changes/bug25629 b/changes/bug25629 new file mode 100644 index 000000000..190928a94 --- /dev/null +++ b/changes/bug25629 @@ -0,0 +1,3 @@ + o Minor bugfixes (C correctness): + - Fix a very unlikely null pointer dereference. Fixes bug 25629; + bugfix on 0.2.9.15. Found by Coverity; this is CID 1430932. diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 5a02648c5..26f990b08 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -263,13 +263,12 @@ nodelist_add_microdesc(microdesc_t *md) if (rs == NULL) return NULL; node = node_get_mutable_by_id(rs->identity_digest); - if (node) { - if (node->md) - node->md->held_by_nodes--; - node->md = md; - md->held_by_nodes++; - } - + if (node == NULL) + return NULL; + if (node->md) + node->md->held_by_nodes--; + node->md = md; + md->held_by_nodes++; node_add_to_address_set(node); return node; From 0c13a84c0d9282e597227d117e23216bb459caad Mon Sep 17 00:00:00 2001 
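Review bot: The new `if (node == NULL) return NULL;` path in nodelist_add_microdesc() is silent, although the commit message calls a missing node almost certainly impossible, so a mismatch between the consensus and the nodelist would now pass unnoticed. A comment on the guard would record the assumption, for example `/* rs came from the consensus but has no node; md stays unheld. */`, and a low-severity log line at that point would make the case observable. The early return leaves `md->held_by_nodes` untouched and hands callers the same NULL they already receive for `rs == NULL`, so existing NULL handling in callers should cover it. The same guard appears in the nodelist.c hunks at -525 and -507 of the other two patches, and the function body starts and ends outside the hunk.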
From: Taylor Yu Date: Mon, 26 Mar 2018 18:05:16 -0500 Subject: [PATCH 2/3] Fix CID 1430932 Coverity found a null pointer reference in nodelist_add_microdesc(). This is almost certainly impossible assuming that the routerstatus_t returned by router_get_consensus_status_by_descriptor_digest() always corresponds to an entry in the nodelist. Fixes bug 25629. --- changes/bug25629 | 3 +++ src/or/nodelist.c | 28 ++++++++++++++-------------- 2 files changed, 17 insertions(+), 14 deletions(-) create mode 100644 changes/bug25629 diff --git a/changes/bug25629 b/changes/bug25629 new file mode 100644 index 000000000..190928a94 --- /dev/null +++ b/changes/bug25629 @@ -0,0 +1,3 @@ + o Minor bugfixes (C correctness): + - Fix a very unlikely null pointer dereference. Fixes bug 25629; + bugfix on 0.2.9.15. Found by Coverity; this is CID 1430932. diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 9a477ecf4..ac9449855 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c 
@@ -525,22 +525,22 @@ nodelist_add_microdesc(microdesc_t *md) if (rs == NULL) return NULL; node = node_get_mutable_by_id(rs->identity_digest); - if (node) { - node_remove_from_ed25519_map(node); - if (node->md) - node->md->held_by_nodes--; + if (node == NULL) + return NULL; - node->md = md; - md->held_by_nodes++; - /* Setting the HSDir index requires the ed25519 identity key which can - * only be found either in the ri or md. This is why this is called here. - * Only nodes supporting HSDir=2 protocol version needs this index. */ - if (rs->supports_v3_hsdir) { - node_set_hsdir_index(node, ns); - } - node_add_to_ed25519_map(node); + node_remove_from_ed25519_map(node); + if (node->md) + node->md->held_by_nodes--; + + node->md = md; + md->held_by_nodes++; + /* Setting the HSDir index requires the ed25519 identity key which can + * only be found either in the ri or md. This is why this is called here. + * Only nodes supporting HSDir=2 protocol version needs this index. */ + if (rs->supports_v3_hsdir) { + node_set_hsdir_index(node, ns); } - + node_add_to_ed25519_map(node); node_add_to_address_set(node); return node; From 471f28a2a85b8db8315f518aff456440f9791877 Mon Sep 17 00:00:00 2001 From: Taylor Yu Date: Mon, 26 Mar 2018 19:29:59 -0500 Subject: [PATCH 3/3] Fix CID 1430932 Coverity found a null pointer reference in nodelist_add_microdesc(). This is almost certainly impossible assuming that the routerstatus_t returned by router_get_consensus_status_by_descriptor_digest() always corresponds to an entry in the nodelist. Fixes bug 25629. --- changes/bug25629 | 3 +++ src/or/nodelist.c | 28 ++++++++++++++-------------- 2 files changed, 17 insertions(+), 14 deletions(-) create mode 100644 changes/bug25629 diff --git a/changes/bug25629 b/changes/bug25629 new file mode 100644 index 000000000..190928a94 --- /dev/null +++ b/changes/bug25629 
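Review bot: The `node->md->held_by_nodes--` decrement, carried over here at the new indentation, is not guarded against a count that is already zero. The field's type is not visible in this hunk, so wrap-around is an inference, but a hold count presumably feeds the decision to free a microdesc, and a drifted value would be hard to trace back to this site. A nonfatal check before the decrement, such as `tor_assert_nonfatal(node->md->held_by_nodes > 0);` if that macro is in scope in this file, would catch it where it happens. The same lines appear in the nodelist.c hunks of the first and third patches.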
@@ -0,0 +1,3 @@ + o Minor bugfixes (C correctness): + - Fix a very unlikely null pointer dereference. Fixes bug 25629; + bugfix on 0.2.9.15. Found by Coverity; this is CID 1430932. diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 391b31d68..125dd8b9f 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -507,22 +507,22 @@ nodelist_add_microdesc(microdesc_t *md) if (rs == NULL) return NULL; node = node_get_mutable_by_id(rs->identity_digest); - if (node) { - node_remove_from_ed25519_map(node); - if (node->md) - node->md->held_by_nodes--; + if (node == NULL) + return NULL; - node->md = md; - md->held_by_nodes++; - /* Setting the HSDir index requires the ed25519 identity key which can - * only be found either in the ri or md. This is why this is called here. - * Only nodes supporting HSDir=2 protocol version needs this index. */ - if (rs->pv.supports_v3_hsdir) { - node_set_hsdir_index(node, ns); - } - node_add_to_ed25519_map(node); + node_remove_from_ed25519_map(node); + if (node->md) + node->md->held_by_nodes--; + + node->md = md; + md->held_by_nodes++; + /* Setting the HSDir index requires the ed25519 identity key which can + * only be found either in the ri or md. This is why this is called here. + * Only nodes supporting HSDir=2 protocol version needs this index. */ + if (rs->pv.supports_v3_hsdir) { + node_set_hsdir_index(node, ns); } - + node_add_to_ed25519_map(node); node_add_to_address_set(node); return node;