diff options
| author | Sebastian Hahn <sebastian@torproject.org> | 2010-02-07 06:30:55 +0100 |
|---|---|---|
| committer | Sebastian Hahn <sebastian@torproject.org> | 2010-02-07 06:37:35 +0100 |
| commit | dfee17328950628686bf2c78a8983871f36d97cf (patch) | |
| tree | 2892be8eb23376721e0cea6150c92e86c1721def /src/or | |
| parent | f6ff14a82ead43e3f5c2a6b2f2ace45ca2f45081 (diff) | |
| download | tor-dfee17328950628686bf2c78a8983871f36d97cf.tar tor-dfee17328950628686bf2c78a8983871f36d97cf.tar.gz | |
lookup_last_hid_serv_request() could overflow and leak memory
The problem was that we didn't allocate enough memory on 32-bit
platforms with 64-bit time_t. The memory leak occured every time
we fetched a hidden service descriptor we've fetched before.
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/rendclient.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 47a8818a5..e252174b4 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -354,9 +354,12 @@ lookup_last_hid_serv_request(routerstatus_t *hs_dir, tor_snprintf(hsdir_desc_comb_id, sizeof(hsdir_desc_comb_id), "%s%s", hsdir_id_base32, desc_id_base32); if (set) { - last_request_ptr = tor_malloc_zero(sizeof(time_t *)); + time_t *oldptr; + last_request_ptr = tor_malloc_zero(sizeof(time_t)); *last_request_ptr = now; - strmap_set(last_hid_serv_requests, hsdir_desc_comb_id, last_request_ptr); + oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id, + last_request_ptr); + tor_free(oldptr); } else last_request_ptr = strmap_get_lc(last_hid_serv_requests, hsdir_desc_comb_id); |