commit cec647ff3eab20c97a744a59b808eb49760acfd3 parent 5f4e14b8c8cd4c8907f669144a5a4bb8b8b7a585 Author: Nick Mathewson <nickm@torproject.org> Date: Tue, 17 Mar 2020 13:56:03 -0400 Merge branch 'trove_2020_004_041_v2' into maint-0.4.1 Diffstat:
| A | changes/ticket33619 | | | 5 | +++++ |
| M | src/core/or/circuitpadding.c | | | 9 | ++++++--- |
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/changes/ticket33619 b/changes/ticket33619 @@ -0,0 +1,5 @@ + o Major bugfixes (circuit padding, memory leaks): + - Avoid a remotely triggered memory leak in the case that a circuit + padding machine is somehow negotiated twice on the same circuit. Fixes + bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. This is + also tracked as TROVE-2020-004. diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c @@ -2381,9 +2381,12 @@ circpad_setup_machine_on_circ(circuit_t *on_circ, return; } - tor_assert_nonfatal(on_circ->padding_machine[machine->machine_index] - == NULL); - tor_assert_nonfatal(on_circ->padding_info[machine->machine_index] == NULL); + IF_BUG_ONCE(on_circ->padding_machine[machine->machine_index] != NULL) { + return; + } + IF_BUG_ONCE(on_circ->padding_info[machine->machine_index] != NULL) { + return; + } /* Log message */ if (CIRCUIT_IS_ORIGIN(on_circ)) {