From 5aa45ed6af87efaec5d6d4a32e8acbc733be8c3d Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 19 Oct 2011 23:14:05 -0400 Subject: Fix crash when changing node restrictions with DNS lookup in progress Fixes bug 4259, bugfix on 0.2.2.25-alpha. Bugfix by "Tey'". Original message by submitter: Changing nodes restrictions using a controller while Tor is doing DNS resolution could makes Tor crashes (on WinXP at least). The problem can be repeated by trying to reach a non-existent domain using Tor: curl --socks4a 127.0.0.1:9050 inexistantdomain.ext .. and changing the ExitNodes parameter through the control port before Tor returns a DNS resolution error (of course, the following command won't work directly if the control port is password protected): echo SETCONF ExitNodes=TinyTurtle | nc -v 127.0.0.1 9051 Using a non-existent domain is needed to repeat the issue so that Tor takes a few seconds for resolving the domain (which allows us to change the configuration). Tor will crash while processing the configuration change. The bug is located in the addressmap_clear_excluded_trackexithosts method which iterates over the entries of the addresses map in order to check whether the changes made to the configuration will impact those entries. When a DNS resolving is in progress, the new_adress field of the associated entry will be set to NULL. The method doesn't expect this field to be NULL, hence the crash. --- changes/bug4259 | 4 ++++ src/or/connection_edge.c | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 changes/bug4259 diff --git a/changes/bug4259 b/changes/bug4259 new file mode 100644 index 0000000000..bfccd3aee8 --- /dev/null +++ b/changes/bug4259 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Fix a crash bug when changing node restrictions while a DNS lookup + is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix + by "Tey'". diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 6a696092eb..4763bf59a2 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -831,7 +831,10 @@ addressmap_clear_excluded_trackexithosts(or_options_t *options) char *nodename; routerinfo_t *ri; /* XXX023 Use node_t. */ - if (strcmpend(target, ".exit")) { + if (!target) { + /* DNS resolving in progress */ + continue; + } else if (strcmpend(target, ".exit")) { /* Not a .exit mapping */ continue; } else if (ent->source != ADDRMAPSRC_TRACKEXIT) { -- cgit v1.2.3-54-g00ecf