From 65575b0755f64d21d59532bf58e6c27e14086bbb Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Sat, 26 Apr 2014 12:45:34 -0400
Subject: Stop leaking memory in error cases of md parsing

When clearing a list of tokens, it's important to do token_clear()
on them first, or else any keys they contain will leak.  This didn't
leak memory on any of the successful microdescriptor parsing paths,
but it does leak on some failing paths when the failure happens
during tokenization.

Fixes bug 11618; bugfix on 0.2.2.6-alpha.
---
 changes/md_leak_bug | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 changes/md_leak_bug

(limited to 'changes/md_leak_bug')

diff --git a/changes/md_leak_bug b/changes/md_leak_bug
new file mode 100644
index 000000000..26270aacc
--- /dev/null
+++ b/changes/md_leak_bug
@@ -0,0 +1,5 @@
+  o Major bugfixes (security, OOM)
+    - Fix a memory leak that could occur if a microdescriptor parse
+      fails during the tokenizing step. This could enable a memory
+      exhaustion attack by directory servers. Fixes bug #11649; bugfix
+      on 0.2.2.6-alpha.
-- 
cgit v1.2.3