diff options
-rw-r--r-- | src/or/circuitbuild.c | 7 | ||||
-rw-r--r-- | src/or/circuitlist.c | 2 | ||||
-rw-r--r-- | src/or/command.c | 1 | ||||
-rw-r--r-- | src/or/cpuworker.c | 2 | ||||
-rw-r--r-- | src/or/or.h | 7 |
5 files changed, 16 insertions, 3 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 92b2ee7e6a..27f198c3de 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -414,10 +414,12 @@ circuit_n_conn_done(connection_t *or_conn, int status) } } else { /* pull the create cell out of circ->onionskin, and send it */ + tor_assert(circ->onionskin); if (circuit_deliver_create_cell(circ,CELL_CREATE,circ->onionskin) < 0) { circuit_mark_for_close(circ); continue; } + tor_free(circ->onionskin); } } } @@ -522,7 +524,7 @@ circuit_send_next_onion_skin(circuit_t *circ) return -1; } } else { - /* We are not an OR, and we building the first hop of a circuit to + /* We are not an OR, and we're building the first hop of a circuit to * a new OR: we can be speedy. */ cell_type = CELL_CREATE_FAST; memset(payload, 0, sizeof(payload)); @@ -643,6 +645,7 @@ circuit_extend(cell_t *cell, circuit_t *circ) info(LD_CIRC|LD_OR,"Next router (%s:%d) not connected. Connecting.", tmpbuf, circ->n_port); + circ->onionskin = tor_malloc(ONIONSKIN_CHALLENGE_LEN); memcpy(circ->onionskin, onionskin, ONIONSKIN_CHALLENGE_LEN); circ->state = CIRCUIT_STATE_OR_WAIT; @@ -1197,6 +1200,8 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime, smartlist_subtract(sl,excludedexits); if (options->StrictExitNodes || smartlist_overlap(sl,preferredexits)) smartlist_intersect(sl,preferredexits); + /* XXX sometimes the above results in null, when the requested + * exit node is down. we should pick it anyway. */ router = routerlist_sl_choose_by_bandwidth(sl); if (router) break; diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index abe083d313..5f0ec2d9b5 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -250,6 +250,7 @@ circuit_free(circuit_t *circ) circuit_free_cpath_node(circ->build_state->pending_final_cpath); } tor_free(circ->build_state); + tor_free(circ->onionskin); circuit_free_cpath(circ->cpath); if (circ->rend_splice) { circ->rend_splice->rend_splice = NULL; @@ -792,6 +793,7 @@ assert_circuit_ok(const circuit_t *c) tor_assert(c->deliver_window >= 0); tor_assert(c->package_window >= 0); if (c->state == CIRCUIT_STATE_OPEN) { + tor_assert(!c->onionskin); if (c->cpath) { tor_assert(CIRCUIT_IS_ORIGIN(c)); tor_assert(!c->n_crypto); diff --git a/src/or/command.c b/src/or/command.c index 2c971734c0..75a4ab98a2 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -200,6 +200,7 @@ command_process_create_cell(cell_t *cell, connection_t *conn) circ->purpose = CIRCUIT_PURPOSE_OR; circ->state = CIRCUIT_STATE_ONIONSKIN_PENDING; if (cell->command == CELL_CREATE) { + circ->onionskin = tor_malloc(ONIONSKIN_CHALLENGE_LEN); memcpy(circ->onionskin, cell->payload, ONIONSKIN_CHALLENGE_LEN); /* hand it off to the cpuworkers, and then return */ diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c index bc31faaf8d..d5f2e45998 100644 --- a/src/or/cpuworker.c +++ b/src/or/cpuworker.c @@ -428,6 +428,7 @@ assign_to_cpuworker(connection_t *cpuworker, uint8_t question_type, if (question_type == CPUWORKER_TASK_ONION) { circ = task; + tor_assert(circ->onionskin); if (num_cpuworkers_busy == num_cpuworkers) { debug(LD_OR,"No idle cpuworkers. Queuing."); @@ -453,6 +454,7 @@ assign_to_cpuworker(connection_t *cpuworker, uint8_t question_type, connection_write_to_buf((char*)&question_type, 1, cpuworker); connection_write_to_buf(tag, sizeof(tag), cpuworker); connection_write_to_buf(circ->onionskin, ONIONSKIN_CHALLENGE_LEN, cpuworker); + tor_free(circ->onionskin); } return 0; } diff --git a/src/or/or.h b/src/or/or.h index 535bfc2600..8386b53bb6 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1068,8 +1068,11 @@ struct circuit_t { */ crypt_path_t *cpath; - /** For storage while passing to cpuworker, or while n_conn is pending. */ - char onionskin[ONIONSKIN_CHALLENGE_LEN]; + /** For storage while passing to cpuworker (state + * CIRCUIT_STATE_ONIONSKIN_PENDING), or while n_conn is pending + * (state CIRCUIT_STATE_OR_WAIT). When defined, it is always + * length ONIONSKIN_CHALLENGE_LEN. */ + char *onionskin; char handshake_digest[DIGEST_LEN]; /**< Stores KH for intermediate hops. */ |