Free rend_data and intro_key when extra intro circs become general-purpose

changes/bug4251

@@ -0,0 +1,8 @@
+  o Minor bugfixes:
+
+    - When a hidden service turns an extra service-side introduction
+      circuit into a general-purpose circuit, free the rend_data and
+      intro_key fields first, so they won't be leaked if the circuit
+      is cannibalized for use as another service-side introduction
+      circuit.  Bugfix on 0.2.1.7-alpha; fixes bug 4251.
+

src/or/rendservice.c

@@ -1421,7 +1421,20 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
       log_info(LD_CIRC|LD_REND, "We have just finished an introduction "
                "circuit, but we already have enough. Redefining purpose to "
                "general; leaving as internal.");
+
       TO_CIRCUIT(circuit)->purpose = CIRCUIT_PURPOSE_C_GENERAL;
+
+      {
+        rend_data_t *rend_data = circuit->rend_data;
+        circuit->rend_data = NULL;
+        rend_data_free(rend_data);
+      }
+      {
+        crypto_pk_env_t *intro_key = circuit->intro_key;
+        circuit->intro_key = NULL;
+        crypto_free_pk_env(intro_key);
+      }
+
       circuit_has_opened(circuit);
       return;
     }