Always check the retval of circpad_machine_current_state().

2 files changed, 10 insertions, 0 deletions

diff --git a/changes/bug31024 b/changes/bug31024
new file mode 100644
index 0000000000..888fb2a26b
--- /dev/null
+++ b/changes/bug31024
@@ -0,0 +1,4 @@
+  o Minor bugfixes (circuitpadding):
+    - Add two NULL checks in unreachable places to silence Coverity (CID 144729
+      and 1447291) and better future proof ourselves. Fixes bug 31024; bugfix
+      on 0.4.1.1-alpha.
\ No newline at end of file
diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c
index 626787da7b..c4670bbc2f 100644
--- a/src/core/or/circuitpadding.c
+++ b/src/core/or/circuitpadding.c
@@ -450,6 +450,9 @@ circpad_is_token_removal_supported(circpad_machine_runtime_t *mi)
     /* Machines that do want token removal are less sensitive to performance.
      * Let's spend some time to check that our state is consistent and sane */
     const circpad_state_t *state = circpad_machine_current_state(mi);
+    if (BUG(!state)) {
+      return 1;
+    }
     tor_assert_nonfatal(state->token_removal != CIRCPAD_TOKEN_REMOVAL_NONE);
     tor_assert_nonfatal(state->histogram_len == mi->histogram_len);
     tor_assert_nonfatal(mi->histogram_len != 0);
@@ -1667,6 +1670,9 @@ circpad_estimate_circ_rtt_on_received(circuit_t *circ,
     }
   } else {
     const circpad_state_t *state = circpad_machine_current_state(mi);
+    if (BUG(!state)) {
+      return;
+    }
 
     /* Since monotime is unpredictably expensive, only update this field
      * if rtt estimates are needed. Otherwise, stop the rtt update. */