diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-10-28 16:38:56 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-10-28 16:38:56 -0400 |
| commit | c2a098e9800edb27d6a3630337e0efa72dfa7ba2 (patch) | |
| tree | 01889da1b348476e5b0ff2c0eec0c9db83d1aba1 /src | |
| parent | 7a8960cf1b34d27db0ffe0929c1810800f319c86 (diff) | |
| download | tor-c2a098e9800edb27d6a3630337e0efa72dfa7ba2.tar tor-c2a098e9800edb27d6a3630337e0efa72dfa7ba2.tar.gz | |
Fix a double-free that would occur on an invalid cert in a CERTS cell
We would stash the certs in the handshake state before checking them
for validity... and then if they turned out to be invalid, we'd give
an error and free them. Then, later, we'd free them again when we
tore down the connection.
Fixes bug 4343; fix on 0.2.3.6-alpha.
Diffstat (limited to 'src')
| -rw-r--r-- | src/or/command.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/or/command.c b/src/or/command.c index d35e2a9c8..aa5a62d54 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -1020,8 +1020,6 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) ERR("The certs we wanted were missing"); /* Remember these certificates so we can check an AUTHENTICATE cell */ - conn->handshake_state->id_cert = id_cert; - conn->handshake_state->auth_cert = auth_cert; if (! tor_tls_cert_is_valid(auth_cert, id_cert, 1)) ERR("The authentication certificate was not valid"); if (! tor_tls_cert_is_valid(id_cert, id_cert, 1)) @@ -1032,6 +1030,8 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) safe_str(conn->_base.address), conn->_base.port); /* XXXX check more stuff? */ + conn->handshake_state->id_cert = id_cert; + conn->handshake_state->auth_cert = auth_cert; id_cert = auth_cert = NULL; } |