From 50cbf220994c7cec5939666cbf990acb4aaa46c6 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Fri, 20 May 2016 07:59:09 -0400
Subject: [PATCH] Fix a bug related to moving signing_key_cert

Now that the field exists in signed_descriptor_t, we need to make
sure we free it when we free a signed_descriptor_t, and we need to
make sure that we don't free it when we convert a routerinfo_t to a
signed_descriptor_t.

But not in any released Tor. I found this while working on #19128.

One problem: I don't see how this could cause 19128.
---
 src/or/routerlist.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index f9247cba0..d49814f05 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -2932,6 +2932,7 @@ signed_descriptor_free(signed_descriptor_t *sd)
     return;
 
   tor_free(sd->signed_descriptor_body);
+  tor_cert_free(sd->signing_key_cert);
 
   memset(sd, 99, sizeof(signed_descriptor_t)); /* Debug bad mem usage */
   tor_free(sd);
@@ -2949,6 +2950,7 @@ signed_descriptor_from_routerinfo(routerinfo_t *ri)
   memcpy(sd, &(ri->cache_info), sizeof(signed_descriptor_t));
   sd->routerlist_index = -1;
   ri->cache_info.signed_descriptor_body = NULL;
+  ri->cache_info.signing_key_cert = NULL;
   routerinfo_free(ri);
   return sd;
 }