Opened 19 months ago

Closed 18 months ago

Last modified 17 months ago

#30176 closed defect (fixed)

Clear memory in smartlist_remove_keeporder.

Reported by: paldium Owned by:
Priority: Medium Milestone: Tor: 0.4.1.x-final
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Minor Keywords: defense-in-depth? dgoulet-merge
Cc: Actual Points:
Parent ID: Points:
Reviewer: nickm Sponsor:


The smartlist functions take great care to reset unused pointers inside
the smartlist memory to NULL.

The function smartlist_remove_keeporder does not clear memory in such
way when elements have been removed. Therefore call memset after the
for-loop that removes elements. If no element is removed, it is
effectively a no-op.

Child Tickets

Attachments (2)

Change History (10)

comment:1 Changed 19 months ago by nickm

Keywords: 035-backport? 040-backport? defense-in-depth? added
Milestone: Tor: 0.4.1.x-final
Status: newneeds_review

comment:2 Changed 19 months ago by asn

Reviewer: nickm

comment:3 Changed 19 months ago by nickm

Looks good to me. I've put it in a branch called ticket30176, and added a changes file and a comment. For CI purposes I've made a PR at . If CI passes, let's merge.

comment:4 Changed 19 months ago by nickm

Status: needs_reviewmerge_ready

CI has passed.

comment:5 Changed 19 months ago by nickm

Keywords: dgoulet-merge added

comment:6 Changed 18 months ago by dgoulet

Resolution: fixed
Status: merge_readyclosed


I don't think this qualifies as a backport contender considering 0.4.0 is in -rc.

comment:7 Changed 18 months ago by nickm

Agreed wrt the backport; this is a defense-in-depth thing, not a bug.

comment:8 Changed 17 months ago by teor

Keywords: 035-backport? 040-backport? removed
Note: See TracTickets for help on using tickets.