author | Nick Mathewson <nickm@torproject.org> | 2017-02-03 10:14:25 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-02-03 10:35:07 -0500 |
commit | 19e25d5cabd23f28044ccbddc01e5cacbde2cfcb (patch) | |
tree | 5c7d209abd9dc33ab61990e05c783940e623dcd1 /src | |
parent | 9d5a9feb404c61d93309eea1c68fcae3ff0cf8f3 (diff) | |
Prevention: never die from extend_info_from_node() failure.
Bug 21242 occurred because we asserted that extend_info_from_node()
had succeeded...even though we already had the code to handle such a
failure. We fixed that in 93b39c51629ed0ded2bf807cb6.
But there were four other cases in our code where we called
extend_info_from_node() and either tor_assert()ed that it returned
non-NULL, or [in one case] silently assumed that it returned
non-NULL. That's not such a great idea. This patch makes those
cases check for a bug of this kind instead.
Fixes bug 21372; bugfix on 0.2.3.1-alpha when
extend_info_from_node() was introduced.
Diffstat (limited to 'src')
-rw-r--r-- | src/or/circuitbuild.c | 5 | ||||
-rw-r--r-- | src/or/control.c | 7 | ||||
-rw-r--r-- | src/or/rendservice.c | 3 |
3 files changed, 8 insertions, 7 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 88445f9248..8a57d8387a 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -2110,7 +2110,8 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei)
 return -1;
 }
 exit_ei = extend_info_from_node(node, 0);
- tor_assert(exit_ei);
+ if (BUG(exit_ei == NULL))
+ return -1;
 }
 state->chosen_exit = exit_ei;
 return 0;
@@ -2376,7 +2377,7 @@ onion_extend_cpath(origin_circuit_t *circ)
 choose_good_middle_server(purpose, state, circ->cpath, cur_len);
 if (r) {
 info = extend_info_from_node(r, 0);
- tor_assert(info);
+ tor_assert_nonfatal(info);
 }
 }
diff --git a/src/or/control.c b/src/or/control.c
index 2c71ea5bb9..b0a687679d 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -3377,7 +3377,8 @@ handle_control_extendcircuit(control_connection_t *conn, uint32_t len,
 SMARTLIST_FOREACH(nodes, const node_t *, node,
 {
 extend_info_t *info = extend_info_from_node(node, first_node);
- if (first_node && !info) {
+ if (!info) {
+ tor_assert_nonfatal(first_node);
 log_warn(LD_CONTROL,
 "controller tried to connect to a node that doesn't have any "
 "addresses that are allowed by the firewall configuration; "
@@ -3385,10 +3386,6 @@ handle_control_extendcircuit(control_connection_t *conn, uint32_t len,
 circuit_mark_for_close(TO_CIRCUIT(circ), -END_CIRC_REASON_CONNECTFAILED);
 connection_write_str_to_buf("551 Couldn't start circuit\r\n", conn);
 goto done;
- } else {
- /* True, since node_has_descriptor(node) == true and we are extending
- * to the node's primary address */
- tor_assert(info);
 }
 circuit_append_new_exit(circ, info);
 extend_info_free(info);
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 4c5372cc43..1d6fc0f96d 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
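Review bot: After `tor_assert_nonfatal(info);` in the onion_extend_cpath hunk, execution continues with `info` possibly NULL, and nothing visible in the hunk shows where that case is handled. The other call sites touched by this commit use `if (BUG(...))` with an explicit error path, so this site is inconsistent and depends on code below the hunk, since the function body continues outside it. If a later `!info` check does exist there, a comment such as `/* info may be NULL here; the !info check below fails the extend. */` would make that dependency explicit. If it does not, an `if (BUG(info == NULL))` guard with the function's normal error return would match the other sites.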
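Review bot: The widened `if (!info)` branch in handle_control_extendcircuit now also catches a NULL result for a non-first hop, but the `log_warn` text still blames the firewall configuration, which only explains the `first_node` case. An operator would see the assertion's bug report followed by a cause that does not apply. This path is driven by the node list a controller supplies, so it is worth confirming that a controller cannot reach the non-first-hop failure at will, since a build that treats nonfatal assertions as fatal would turn it into an abort. At minimum, add a comment above the assertion: `/* Only the first hop is subject to the firewall check; a NULL for any later hop is a bug. */`.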
@@ -4162,6 +4162,9 @@ rend_consider_services_intro_points(void)
 * even if we are a single onion service and intend to connect to it
 * directly ourselves. */
 intro->extend_info = extend_info_from_node(node, 0);
+ if (BUG(intro->extend_info == NULL)) {
+ break;
+ }
 intro->intro_key = crypto_pk_new();
 const int fail = crypto_pk_generate_key(intro->intro_key);
 tor_assert(!fail); |
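Review bot: The new `break` in rend_consider_services_intro_points exits with `intro` only partly initialised, and the hunk shows no release of it. The allocation is outside the visible lines, so this is inferred: if `intro` was allocated just above and has not yet been added to the service's list, the early exit leaks it each time the bug fires. Adding `tor_free(intro);` before `break;` would close that, assuming no other field of `intro` owns memory at that point. Separately, `tor_assert(!fail)` on key generation a few lines later is still a fatal assertion on the same path.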