From 612b801ea53cd0b318e3bf88da5bb5de6b507226 Mon Sep 17 00:00:00 2001
From: David Goulet <dgoulet@torproject.org>
Date: Mon, 15 Apr 2024 14:45:29 -0400
Subject: conflux: Don't process a closed circuit on get packaged window

Signed-off-by: David Goulet <dgoulet@torproject.org>
---
 src/core/or/conflux_util.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src')

diff --git a/src/core/or/conflux_util.c b/src/core/or/conflux_util.c
index 31ab983f8f..4277424ec8 100644
--- a/src/core/or/conflux_util.c
+++ b/src/core/or/conflux_util.c
@@ -33,6 +33,13 @@ int
 circuit_get_package_window(circuit_t *circ,
                            const crypt_path_t *cpath)
 {
+  /* We believe it is possible to get a closed circuit related to the
+   * on_circuit pointer of a connection not being nullified before ending up
+   * here. Else, this can lead to loud bug like experienced in #40908. */
+  if (circ->marked_for_close) {
+    return 0;
+  }
+
   if (circ->conflux) {
     if (CIRCUIT_IS_ORIGIN(circ)) {
       tor_assert_nonfatal(circ->purpose ==
-- 
cgit v1.2.3-54-g00ecf