Diffstat (limited to 'src/core/or/conflux_pool.c')
-rw-r--r-- | src/core/or/conflux_pool.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/src/core/or/conflux_pool.c b/src/core/or/conflux_pool.c
index 34417f8119..82043d607f 100644
--- a/src/core/or/conflux_pool.c
+++ b/src/core/or/conflux_pool.c
@@ -187,6 +187,8 @@ conflux_free_(conflux_t *cfx)
   if (!cfx) {
     return;
   }
+  tor_assert(cfx->legs);
+  tor_assert(cfx->ooo_q);
   SMARTLIST_FOREACH_BEGIN(cfx->legs, conflux_leg_t *, leg) {
     SMARTLIST_DEL_CURRENT(cfx->legs, leg);
@@ -260,6 +262,8 @@ unlinked_free(unlinked_circuits_t *unlinked)
   if (!unlinked) {
     return;
   }
+  tor_assert(unlinked->legs);
+
   /* This cfx is pointing to a linked set. */
   if (!unlinked->is_for_linked_set) {
     conflux_free(unlinked->cfx);
@@ -493,10 +497,6 @@ cfx_add_leg(conflux_t *cfx, leg_t *leg)
   /* Big trouble if we add a leg to the wrong set. */
   tor_assert(tor_memeq(cfx->nonce, leg->link->nonce, sizeof(cfx->nonce)));
-  if (BUG(CONFLUX_NUM_LEGS(cfx) > CONFLUX_MAX_CIRCS)) {
-    return;
-  }
-
   conflux_leg_t *cleg = tor_malloc_zero(sizeof(*cleg));
   cleg->circ = leg->circ;
   // TODO-329-ARTI: Blindly copying the values from the cell. Is this correct?
@@ -731,6 +731,9 @@ try_finalize_set(unlinked_circuits_t *unlinked)
   bool is_client;
   tor_assert(unlinked);
+  tor_assert(unlinked->legs);
+  tor_assert(unlinked->cfx);
+  tor_assert(unlinked->cfx->legs);
   /* Without legs, this is not ready to become a linked set. */
   if (BUG(smartlist_len(unlinked->legs) == 0)) {
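Review bot: With the BUG() bound check removed from cfx_add_leg, the function no longer guards the leg limit itself and relies entirely on its caller having enforced it before calling; that precondition should be stated where the check used to be, e.g. `/* Precondition: caller has already verified the set is within the leg limit. */`. If cfx_add_leg has any caller other than try_finalize_set, that path is now unbounded, which is worth confirming before merge. The new tor_assert() calls in conflux_free_ and unlinked_free turn a NULL legs/ooo_q into an abort rather than a crash in the following loop, which is consistent with how the rest of the file treats broken invariants. cfx_add_leg's body continues outside the hunk.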
@@ -738,6 +741,17 @@ try_finalize_set(unlinked_circuits_t *unlinked)
     goto end;
   }
+  /* If there are too many legs, we can't link. */
+  if (smartlist_len(unlinked->legs) +
+      smartlist_len(unlinked->cfx->legs) > conflux_params_get_max_legs_set()) {
+    log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
+           "Conflux set has too many legs to link. "
+           "Rejecting this circuit.");
+    conflux_log_set(LOG_PROTOCOL_WARN, unlinked->cfx, unlinked->is_client);
+    err = ERR_LINK_CIRC_INVALID_LEG;
+    goto end;
+  }
+
   /* Validate that all legs are coherent and parameters match. On failure, we
    * teardown the whole unlinked set because this means we either have a code
    * flow problem or the Exit is trying to trick us. */
@@ -1601,6 +1615,9 @@ linked_circuit_free(circuit_t *circ, bool is_client)
 {
   tor_assert(circ);
   tor_assert(circ->conflux);
+  tor_assert(circ->conflux->legs);
+  tor_assert(circ->conflux->ooo_q);
+
   if (is_client) {
     tor_assert(circ->purpose == CIRCUIT_PURPOSE_CONFLUX_LINKED);
   }
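Review bot: The new leg-limit check in try_finalize_set logs at LOG_PROTOCOL_WARN instead of tripping BUG(), which is the right choice because the number of legs is driven by what the peer sends, but the comment should say so, e.g. `/* Leg count is peer-controlled: exceeding the limit is a protocol error, not a bug. */`. The sum `smartlist_len(unlinked->legs) + smartlist_len(unlinked->cfx->legs)` presumably counts pending plus already-linked legs, which only holds if unlinked->cfx->legs is empty for a set that is not yet linked; a short note above the `if` stating that assumption, or hoisting it into `const int total_legs = smartlist_len(unlinked->legs) + smartlist_len(unlinked->cfx->legs);`, would make the wrapped condition easier to read. The log message says "Rejecting this circuit" while the comment immediately below describes validation failures as tearing down the whole unlinked set; what `goto end` does with ERR_LINK_CIRC_INVALID_LEG is outside the hunk, so the message and the actual handling should be checked to agree. try_finalize_set's body starts and ends outside the hunk.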