diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-09-29 10:00:14 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-09-29 10:00:14 -0400 |
| commit | f7222e6d8cf31ce0e2a4653477ab42645c045db6 (patch) | |
| tree | 4fe568b1d0445496b8c537f2c08acb93a0390adb | |
| parent | 8e52c46581ca8279c0f132a822e06f10e5f4676d (diff) | |
| download | tor-f7222e6d8cf31ce0e2a4653477ab42645c045db6.tar.gz tor-f7222e6d8cf31ce0e2a4653477ab42645c045db6.zip | |
Clear outbuf_flushlen when we clear a connection's outbuf
When we added single_conn_free_bytes(), we cleared the outbuf on a
connection without setting outbuf_flushlen() to 0. This could cause
an assertion failure later on in flush_buf().
Fixes bug 23690; bugfix on 0.2.6.1-alpha.
| -rw-r--r-- | changes/bug23690 | 5 | ||||
| -rw-r--r-- | src/or/circuitlist.c | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/changes/bug23690 b/changes/bug23690 new file mode 100644 index 0000000000..36ff32e499 --- /dev/null +++ b/changes/bug23690 @@ -0,0 +1,5 @@ + o Major bugfixes (relay, crash, assertion failure): + - Fix a timing-based assertion failure that could occur when the + circuit out-of-memory handler freed a connection's output buffer. + Fixes bug 23690; bugfix on 0.2.6.1-alpha. + diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index d7dbfe5744..b710485908 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -1939,6 +1939,7 @@ single_conn_free_bytes(connection_t *conn) if (conn->outbuf) { result += buf_allocation(conn->outbuf); buf_clear(conn->outbuf); + conn->outbuf_flushlen = 0; } if (conn->type == CONN_TYPE_DIR) { dir_connection_t *dir_conn = TO_DIR_CONN(conn); |