Opened 19 months ago

Closed 19 months ago

Last modified 13 months ago

#17401 closed defect (fixed)

use-after-free in validate_intro_point_failure

Reported by: nickm Owned by:
Priority: Very High Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor Version:
Severity: Major Keywords: 2016-bug-retrospective
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


In validate_intro_point_failure(), we look at identity after freeing intro. But identity is a reference into intro, so we shouldn't free intro till we're done with it.

Child Tickets

Change History (3)

comment:1 Changed 19 months ago by nickm

  • Resolution set to fixed
  • Status changed from new to closed

comment:2 Changed 13 months ago by nickm

  • Keywords 2016-bug-retrospective added

Marking these tickets (based on severity and hand-review) for inclusion in 2016 bug retrospective

comment:3 Changed 13 months ago by nickm

Mark more tickets for bug retrospective based on hand-review of changelogs from 0.2.5 onwards.

Note: See TracTickets for help on using tickets.