Opened 22 months ago

Closed 22 months ago

Last modified 16 months ago

#17401 closed defect (fixed)

use-after-free in validate_intro_point_failure

Reported by: nickm Owned by:
Priority: Very High Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor Version:
Severity: Major Keywords: 2016-bug-retrospective
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In validate_intro_point_failure(), we look at identity after freeing intro. But identity is a reference into intro, so we shouldn't free intro till we're done with it.

Child Tickets

Change History (3)

comment:1 Changed 22 months ago by nickm

Resolution: fixed
Status: newclosed

comment:2 Changed 16 months ago by nickm

Keywords: 2016-bug-retrospective added

Marking these tickets (based on severity and hand-review) for inclusion in 2016 bug retrospective

comment:3 Changed 16 months ago by nickm

Mark more tickets for bug retrospective based on hand-review of changelogs from 0.2.5 onwards.

Note: See TracTickets for help on using tickets.