Selaa lähdekoodia

Fix valgrind error when marking a descriptor as never-downloadable.

When we got a descriptor that we (as an authority) rejected as totally
bad, we were freeing it, then using the digest in its RAM to look up its
download status.  Caught by arma with valgrind.  Bugfix on 0.2.1.9-alpha.
Nick Mathewson 16 vuotta sitten
vanhempi
commit
c0515b307c
2 muutettua tiedostoa jossa 6 lisäystä ja 3 poistoa
  1. 2 0
      ChangeLog
  2. 4 3
      src/or/routerlist.c

+ 2 - 0
ChangeLog

@@ -21,6 +21,8 @@ Changes in version 0.2.1.15??? - ????-??-??
     - Stop using malloc_usable_size() to use more area than we had
       actually allocated: it was safe, but made valgrind really
       unhappy.  Bugfix on 0.2.0.x.
+    - Fix use of freed memory when deciding to mark a non-addable
+      descriptor as never-downloadable.  Bugfix on 0.2.1.9-alpha.
 
 
 Changes in version 0.2.1.14-rc - 2009-04-12

+ 4 - 3
src/or/routerlist.c

@@ -3513,6 +3513,7 @@ router_load_routers_from_string(const char *s, const char *eos,
 
   SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
     was_router_added_t r;
+    char d[DIGEST_LEN];
     if (requested_fingerprints) {
       base16_encode(fp, sizeof(fp), descriptor_digests ?
                       ri->cache_info.signed_descriptor_digest :
@@ -3533,6 +3534,7 @@ router_load_routers_from_string(const char *s, const char *eos,
       }
     }
 
+    memcpy(d, ri->cache_info.signed_descriptor_digest, DIGEST_LEN);
     r = router_add_to_routerlist(ri, &msg, from_cache, !from_cache);
     if (WRA_WAS_ADDED(r)) {
       any_changed++;
@@ -3541,11 +3543,10 @@ router_load_routers_from_string(const char *s, const char *eos,
       smartlist_clear(changed);
     } else if (WRA_WAS_REJECTED(r)) {
       download_status_t *dl_status;
-      dl_status = router_get_dl_status_by_descriptor_digest(
-          ri->cache_info.signed_descriptor_digest);
+      dl_status = router_get_dl_status_by_descriptor_digest(d);
       if (dl_status) {
         log_info(LD_GENERAL, "Marking router %s as never downloadable",
-                 hex_str(ri->cache_info.signed_descriptor_digest, DIGEST_LEN));
+                 hex_str(d, DIGEST_LEN));
         download_status_mark_impossible(dl_status);
       }
     }