summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
Diffstat (limited to 'src/or')
-rw-r--r--src/or/circuitbuild.c7
-rw-r--r--src/or/circuitlist.c2
-rw-r--r--src/or/command.c1
-rw-r--r--src/or/cpuworker.c2
-rw-r--r--src/or/or.h7
5 files changed, 16 insertions, 3 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 92b2ee7e6a..27f198c3de 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -414,10 +414,12 @@ circuit_n_conn_done(connection_t *or_conn, int status)
}
} else {
/* pull the create cell out of circ->onionskin, and send it */
+ tor_assert(circ->onionskin);
if (circuit_deliver_create_cell(circ,CELL_CREATE,circ->onionskin) < 0) {
circuit_mark_for_close(circ);
continue;
}
+ tor_free(circ->onionskin);
}
}
}
@@ -522,7 +524,7 @@ circuit_send_next_onion_skin(circuit_t *circ)
return -1;
}
} else {
- /* We are not an OR, and we building the first hop of a circuit to
+ /* We are not an OR, and we're building the first hop of a circuit to
* a new OR: we can be speedy. */
cell_type = CELL_CREATE_FAST;
memset(payload, 0, sizeof(payload));
@@ -643,6 +645,7 @@ circuit_extend(cell_t *cell, circuit_t *circ)
info(LD_CIRC|LD_OR,"Next router (%s:%d) not connected. Connecting.",
tmpbuf, circ->n_port);
+ circ->onionskin = tor_malloc(ONIONSKIN_CHALLENGE_LEN);
memcpy(circ->onionskin, onionskin, ONIONSKIN_CHALLENGE_LEN);
circ->state = CIRCUIT_STATE_OR_WAIT;
@@ -1197,6 +1200,8 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime,
smartlist_subtract(sl,excludedexits);
if (options->StrictExitNodes || smartlist_overlap(sl,preferredexits))
smartlist_intersect(sl,preferredexits);
+ /* XXX sometimes the above results in null, when the requested
+ * exit node is down. we should pick it anyway. */
router = routerlist_sl_choose_by_bandwidth(sl);
if (router)
break;
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index abe083d313..5f0ec2d9b5 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -250,6 +250,7 @@ circuit_free(circuit_t *circ)
circuit_free_cpath_node(circ->build_state->pending_final_cpath);
}
tor_free(circ->build_state);
+ tor_free(circ->onionskin);
circuit_free_cpath(circ->cpath);
if (circ->rend_splice) {
circ->rend_splice->rend_splice = NULL;
@@ -792,6 +793,7 @@ assert_circuit_ok(const circuit_t *c)
tor_assert(c->deliver_window >= 0);
tor_assert(c->package_window >= 0);
if (c->state == CIRCUIT_STATE_OPEN) {
+ tor_assert(!c->onionskin);
if (c->cpath) {
tor_assert(CIRCUIT_IS_ORIGIN(c));
tor_assert(!c->n_crypto);
diff --git a/src/or/command.c b/src/or/command.c
index 2c971734c0..75a4ab98a2 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -200,6 +200,7 @@ command_process_create_cell(cell_t *cell, connection_t *conn)
circ->purpose = CIRCUIT_PURPOSE_OR;
circ->state = CIRCUIT_STATE_ONIONSKIN_PENDING;
if (cell->command == CELL_CREATE) {
+ circ->onionskin = tor_malloc(ONIONSKIN_CHALLENGE_LEN);
memcpy(circ->onionskin, cell->payload, ONIONSKIN_CHALLENGE_LEN);
/* hand it off to the cpuworkers, and then return */
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index bc31faaf8d..d5f2e45998 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -428,6 +428,7 @@ assign_to_cpuworker(connection_t *cpuworker, uint8_t question_type,
if (question_type == CPUWORKER_TASK_ONION) {
circ = task;
+ tor_assert(circ->onionskin);
if (num_cpuworkers_busy == num_cpuworkers) {
debug(LD_OR,"No idle cpuworkers. Queuing.");
@@ -453,6 +454,7 @@ assign_to_cpuworker(connection_t *cpuworker, uint8_t question_type,
connection_write_to_buf((char*)&question_type, 1, cpuworker);
connection_write_to_buf(tag, sizeof(tag), cpuworker);
connection_write_to_buf(circ->onionskin, ONIONSKIN_CHALLENGE_LEN, cpuworker);
+ tor_free(circ->onionskin);
}
return 0;
}
diff --git a/src/or/or.h b/src/or/or.h
index 535bfc2600..8386b53bb6 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1068,8 +1068,11 @@ struct circuit_t {
*/
crypt_path_t *cpath;
- /** For storage while passing to cpuworker, or while n_conn is pending. */
- char onionskin[ONIONSKIN_CHALLENGE_LEN];
+ /** For storage while passing to cpuworker (state
+ * CIRCUIT_STATE_ONIONSKIN_PENDING), or while n_conn is pending
+ * (state CIRCUIT_STATE_OR_WAIT). When defined, it is always
+ * length ONIONSKIN_CHALLENGE_LEN. */
+ char *onionskin;
char handshake_digest[DIGEST_LEN]; /**< Stores KH for intermediate hops. */