diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-11-11 22:20:59 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-11-12 08:28:09 -0500 |
| commit | f473d83deaf893c6efe49094cfc5d9b435e7fcb9 (patch) | |
| tree | 4732843f92e299cd46cb4ff6c13ab8d2b91f075f | |
| parent | 0523c8de7d7f775e9a89134340f88ae00bde158b (diff) | |
| download | tor-f473d83deaf893c6efe49094cfc5d9b435e7fcb9.tar.gz tor-f473d83deaf893c6efe49094cfc5d9b435e7fcb9.zip | |
Possible fix for bug 7212
This is the simplest possible workaround: make it safe to call
circuit_cell_queue_clear() on a non-attached circuit, and make it
safe-but-a-LD_BUG-warning to call update_circuit_on_cmux() on a
non-attached circuit.
LocalWords: unstage src Untracked
| -rw-r--r-- | changes/bug7212 | 6 | ||||
| -rw-r--r-- | src/or/relay.c | 12 | ||||
| -rw-r--r-- | src/or/relay.h | 5 |
3 files changed, 19 insertions, 4 deletions
diff --git a/changes/bug7212 b/changes/bug7212 new file mode 100644 index 0000000000..be68f50ff7 --- /dev/null +++ b/changes/bug7212 @@ -0,0 +1,6 @@ + o Major bugfixes (relay): + - Fix an assertion failure that could occur when closing a connection + with a spliced rendezvous circuit. Fix for bug 7212; bugfix on + Tor 0.2.4.4-alpha. + + diff --git a/src/or/relay.c b/src/or/relay.c index bd99d91dca..0f0d1df414 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1976,7 +1976,8 @@ cell_queue_pop(cell_queue_t *queue) * circuit mux. */ void -update_circuit_on_cmux(circuit_t *circ, cell_direction_t direction) +update_circuit_on_cmux_(circuit_t *circ, cell_direction_t direction, + const char *file, int lineno) { channel_t *chan = NULL; or_circuit_t *or_circ = NULL; @@ -1999,7 +2000,11 @@ update_circuit_on_cmux(circuit_t *circ, cell_direction_t direction) cmux = chan->cmux; /* Cmux sanity check */ - tor_assert(circuitmux_is_circuit_attached(cmux, circ)); + if (! circuitmux_is_circuit_attached(cmux, circ)) { + log_warn(LD_BUG, "called on non-attachd circuit from %s:%d", + file, lineno); + return; + } tor_assert(circuitmux_attached_circuit_direction(cmux, circ) == direction); assert_cmux_ok_paranoid(chan); @@ -2334,7 +2339,8 @@ circuit_clear_cell_queue(circuit_t *circ, channel_t *chan) cell_queue_clear(queue); /* Update the cell counter in the cmux */ - update_circuit_on_cmux(circ, direction); + if (chan->cmux && circuitmux_is_circuit_attached(chan->cmux, circ)) + update_circuit_on_cmux(circ, direction); } /** Fail with an assert if the circuit mux on chan is corrupt diff --git a/src/or/relay.h b/src/or/relay.h index 3906d6bf85..0f7b45fef3 100644 --- a/src/or/relay.h +++ b/src/or/relay.h @@ -54,7 +54,10 @@ void append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, void channel_unlink_all_circuits(channel_t *chan); int channel_flush_from_first_active_circuit(channel_t *chan, int max); void assert_circuit_mux_okay(channel_t *chan); -void update_circuit_on_cmux(circuit_t *circ, cell_direction_t direction); +void update_circuit_on_cmux_(circuit_t *circ, cell_direction_t direction, + const char *file, int lineno); +#define update_circuit_on_cmux(circ, direction) \ + update_circuit_on_cmux_((circ), (direction), SHORT_FILE__, __LINE__) int append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr); const uint8_t *decode_address_from_payload(tor_addr_t *addr_out, |