Make pending libevent actions cancelable

This avoids a dangling pointer issue in the 3412 code, and should
fix bug 4599.

3 files changed, 25 insertions, 20 deletions

diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index 3a754bef70..67f465927c 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -558,17 +558,17 @@ tor_check_libevent_header_compatibility(void)
 #endif
 }
 
-typedef struct runnable_t {
+struct tor_libevent_action_t {
   struct event *ev;
   void (*cb)(void *arg);
   void *arg;
-} runnable_t;
+};
 
 /** Callback for tor_run_in_libevent_loop */
 static void
 run_runnable_cb(evutil_socket_t s, short what, void *arg)
 {
-  runnable_t *r = arg;
+  tor_libevent_action_t *r = arg;
   void (*cb)(void *) = r->cb;
   void *cb_arg = r->arg;
   (void)what;
@@ -584,22 +584,32 @@ run_runnable_cb(evutil_socket_t s, short what, void *arg)
  * deep inside a no-reentrant code and there's some function you want to call
  * without worrying about whether it might cause reeentrant invocation.
  */
-int
+tor_libevent_action_t *
 tor_run_in_libevent_loop(void (*cb)(void *arg), void *arg)
 {
-  runnable_t *r = tor_malloc(sizeof(runnable_t));
+  tor_libevent_action_t *r = tor_malloc(sizeof(tor_libevent_action_t));
   r->cb = cb;
   r->arg = arg;
   r->ev = tor_event_new(tor_libevent_get_base(), -1, EV_TIMEOUT,
                         run_runnable_cb, r);
   if (!r->ev) {
     tor_free(r);
-    return -1;
+    return NULL;
   }
   /* Make the event active immediately. */
   event_active(r->ev, EV_TIMEOUT, 1);
 
-  return 0;
+  return r;
+}
+
+/**
+ * Cancel <b>action</b> without running it.
+ */
+void
+tor_cancel_libevent_action(tor_libevent_action_t *action)
+{
+  tor_event_free(action->ev);
+  tor_free(action);
 }
 
 /*
diff --git a/src/common/compat_libevent.h b/src/common/compat_libevent.h
index 3f916d16b0..4076cc0e08 100644
--- a/src/common/compat_libevent.h
+++ b/src/common/compat_libevent.h
@@ -44,10 +44,12 @@ void tor_event_free(struct event *ev);
 #define tor_evdns_add_server_port evdns_add_server_port
 #endif
 
-typedef struct periodic_timer_t periodic_timer_t;
-
-int tor_run_in_libevent_loop(void (*cb)(void *arg), void *arg);
+typedef struct tor_libevent_action_t tor_libevent_action_t;
+tor_libevent_action_t *tor_run_in_libevent_loop(void (*cb)(void *arg),
+                                                void *arg);
+void tor_cancel_libevent_action(tor_libevent_action_t *action);
 
+typedef struct periodic_timer_t periodic_timer_t;
 periodic_timer_t *periodic_timer_new(struct event_base *base,
              const struct timeval *tv,
              void (*cb)(periodic_timer_t *timer, void *data),
diff --git a/src/common/tortls.c b/src/common/tortls.c
index b4d81de2f3..a6947c87d8 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1339,16 +1339,9 @@ tor_tls_got_client_hello(tor_tls_t *tls)
              tls->excess_renegotiations_callback) {
     /* We got more than one renegotiation requests. The Tor protocol
        needs just one renegotiation; more than that probably means
-       They are trying to DoS us and we have to stop them. We can't
-       close their connection from in here since it's an OpenSSL
-       callback, so we set a libevent timer that triggers in the next
-       event loop and closes the connection. */
-
-    if (tor_run_in_libevent_loop(tls->excess_renegotiations_callback,
-                                 tls->callback_arg) < 0) {
-      log_warn(LD_GENERAL, "Didn't manage to set a renegotiation "
-               "limiting callback.");
-    }
+       They are trying to DoS us and we have to stop them. */
+
+    tls->excess_renegotiations_callback(tls->callback_arg);
   }
 
   /* Now check the cipher list. */