diff options
| -rw-r--r-- | changes/set_ns_crash | 4 | ||||
| -rw-r--r-- | src/or/networkstatus.c | 18 |
2 files changed, 15 insertions, 7 deletions
diff --git a/changes/set_ns_crash b/changes/set_ns_crash new file mode 100644 index 0000000000..34466d7ad0 --- /dev/null +++ b/changes/set_ns_crash @@ -0,0 +1,4 @@ + o Major bugfixes: + - Avoid a crash bug triggered by looking at a dangling pointer while + setting the network status consensus. Found by Robert Ransom. + Bugfix on 0.2.2.17-alpha. Fixes bug 2097. diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index 1d8a20be11..27049d9ef2 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -1706,6 +1706,10 @@ networkstatus_set_current_consensus(const char *consensus, if (current_consensus) { networkstatus_copy_old_consensus_info(c, current_consensus); networkstatus_vote_free(current_consensus); + /* Defensive programming : we should set current_consensus very soon, + * but we're about to call some stuff in the meantime, and leaving this + * dangling pointer around has proven to be trouble. */ + current_consensus = NULL; } } @@ -1731,13 +1735,6 @@ networkstatus_set_current_consensus(const char *consensus, download_status_failed(&consensus_dl_status[flav], 0); } - if (directory_caches_dir_info(options)) { - dirserv_set_cached_consensus_networkstatus(consensus, - flavor, - &c->digests, - c->valid_after); - } - if (flav == USABLE_CONSENSUS_FLAVOR) { current_consensus = c; c = NULL; /* Prevent free. */ @@ -1754,6 +1751,13 @@ networkstatus_set_current_consensus(const char *consensus, circuit_build_times_new_consensus_params(&circ_times, current_consensus); } + if (directory_caches_dir_info(options)) { + dirserv_set_cached_consensus_networkstatus(consensus, + flavor, + &c->digests, + c->valid_after); + } + if (!from_cache) { write_str_to_file(consensus_fname, consensus, 0); } |