diff options
| author | Roger Dingledine <arma@torproject.org> | 2003-11-18 10:17:52 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2003-11-18 10:17:52 +0000 |
| commit | c00953d2a119b372c46fee27a9655ea00dabb577 (patch) | |
| tree | d926be0e05fbb7a82f3ad2e4acf61af83e541ae3 | |
| parent | f0cccc567ecfd318305c4b6bab05091a50532e2a (diff) | |
| download | tor-c00953d2a119b372c46fee27a9655ea00dabb577.tar.gz tor-c00953d2a119b372c46fee27a9655ea00dabb577.zip | |
make more sure we can't end up with two connections to the same OR
fix leaked pk in connection_tls_finish_handshake
svn:r839
| -rw-r--r-- | src/or/connection.c | 4 | ||||
| -rw-r--r-- | src/or/connection_or.c | 20 |
2 files changed, 13 insertions, 11 deletions
diff --git a/src/or/connection.c b/src/or/connection.c index e4685b787b..022e4d67a3 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -551,7 +551,6 @@ connection_t *connection_twin_get_by_addr_port(uint32_t addr, uint16_t port) { conn = carray[i]; assert(conn); if(connection_state_is_open(conn) && - !conn->marked_for_close && !crypto_pk_cmp_keys(conn->onion_pkey, router->onion_pkey)) { log(LOG_INFO,"connection_twin_get_by_addr_port(): Found twin (%s).",conn->address); return conn; @@ -629,6 +628,9 @@ int connection_is_listener(connection_t *conn) { int connection_state_is_open(connection_t *conn) { assert(conn); + if(conn->marked_for_close) + return 0; + if((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) || (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) || (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN)) diff --git a/src/or/connection_or.c b/src/or/connection_or.c index bd2711230b..ecbd7eb70e 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -179,7 +179,8 @@ int connection_tls_continue_handshake(connection_t *conn) { static int connection_tls_finish_handshake(connection_t *conn) { crypto_pk_env_t *pk; routerinfo_t *router; - char nickname[255]; + char nickname[MAX_NICKNAME_LEN+1]; + connection_t *otherconn; conn->state = OR_CONN_STATE_OPEN; directory_set_dirty(); @@ -195,7 +196,7 @@ static int connection_tls_finish_handshake(connection_t *conn) { } } /* Okay; the other side is an OR. */ - if (tor_tls_get_peer_cert_nickname(conn->tls, nickname, 256)) { + if (tor_tls_get_peer_cert_nickname(conn->tls, nickname, MAX_NICKNAME_LEN)) { log_fn(LOG_WARN,"Other side (%s:%d) has a cert without a valid nickname. Closing.", conn->address, conn->port); return -1; @@ -223,21 +224,20 @@ static int connection_tls_finish_handshake(connection_t *conn) { } log_fn(LOG_DEBUG,"The router's pk matches the one we meant to connect to. Good."); } else { - if(connection_exact_get_by_addr_port(router->addr,router->or_port)) { - log_fn(LOG_INFO,"Router %s is already connected. Dropping.", router->nickname); - crypto_free_pk_env(pk); - return -1; - } connection_or_init_conn_from_router(conn, router); - crypto_free_pk_env(pk); } + crypto_free_pk_env(pk); if (strcmp(conn->nickname, nickname)) { log_fn(LOG_WARN,"Other side claims to be '%s', but we wanted '%s'", nickname, conn->nickname); return -1; } - if (!options.OnionRouter) { - /* If I'm an OP... */ + otherconn = connection_exact_get_by_addr_port(router->addr,router->or_port); + if(otherconn && connection_state_is_open(otherconn)) { + log_fn(LOG_INFO,"Router %s is already connected. Dropping.", router->nickname); + return -1; + } + if (!options.OnionRouter) { /* If I'm an OP... */ conn->receiver_bucket = conn->bandwidth = DEFAULT_BANDWIDTH_OP; circuit_n_conn_open(conn); /* send the pending creates, if any. */ } |