authorNick Mathewson <nickm@torproject.org>2013-02-11 16:59:21 -0500
committerNick Mathewson <nickm@torproject.org>2013-02-11 16:59:21 -0500
commitf3835bcb37b56478adab7bee312cda2344190b38 (patch)
tree028d92ccde1bc2904e3fd182bd3d619ee880729c
parent719940df2bdfbd0f5ee02a9ca404f345d2fc49e8 (diff)
Avoid null-pointer deref in pathbias_is_new_circ_attempt
Coverity is worried about this (CID 980653). It hasn't happened in testing, but we might as well make sure it can't happen.
-rw-r--r--src/or/circuitbuild.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index b9a4f89030..163afd3d29 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1307,7 +1307,8 @@ pathbias_is_new_circ_attempt(origin_circuit_t *circ)
/* cpath is a circular list. We want circs with more than one hop,
* and the second hop must be waiting for keys still (it's just
* about to get them). */
- return circ->cpath->next != circ->cpath &&
+ return circ->cpath &&
+ circ->cpath->next != circ->cpath &&
circ->cpath->next->state == CPATH_STATE_AWAITING_KEYS;
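Review bot: With the added `circ->cpath &&` guard, a NULL cpath now makes this return 0 without any trace, and the comment above the return still describes only the hop-count and key-state conditions. Because this predicate decides whether a circuit is counted as a path-bias attempt, a circuit that reaches it in that state is silently left out of the accounting; I would record that in the comment, for example `/* A circuit with no cpath is never counted as a new attempt. */`, and consider a rate-limited warning if the state is believed unreachable. The same guard is repeated in the `#else` branch of the second hunk, so a single early `if (!circ->cpath) return 0;` ahead of the `#if` would keep the two branches from drifting apart. The start of the function lies outside both hunks, so whether an early return fits there needs checking against the full body.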
#else
/* If tagging attacks are no longer possible, we probably want to
@@ -1315,7 +1316,8 @@ pathbias_is_new_circ_attempt(origin_circuit_t *circ)
* timing-based tagging is still more useful than per-hop failure.
* In which case, we'd never want to use this.
*/
- return circ->cpath->state == CPATH_STATE_AWAITING_KEYS;
+ return circ->cpath &&
+ circ->cpath->state == CPATH_STATE_AWAITING_KEYS;
#endif
}