Opened 2 years ago

Closed 2 years ago

Last modified 20 months ago

#17401 closed defect (fixed)

use-after-free in validate_intro_point_failure

Reported by: nickm Owned by:
Priority: Very High Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor Version:
Severity: Major Keywords: 2016-bug-retrospective
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In validate_intro_point_failure(), we look at identity after freeing intro. But identity is a reference into intro, so we shouldn't free intro till we're done with it.

Child Tickets

Change History (3)

comment:1 Changed 2 years ago by nickm

Resolution: fixed
Status: newclosed

5b2070198a9fa7d19f50ba165dc6ff274ffe073a fixes this one.

comment:2 Changed 20 months ago by nickm

Keywords: 2016-bug-retrospective added

Marking these tickets (based on severity and hand-review) for inclusion in 2016 bug retrospective

comment:3 Changed 20 months ago by nickm

Mark more tickets for bug retrospective based on hand-review of changelogs from 0.2.5 onwards.

Note: See TracTickets for help on using tickets.