[tor-bugs] #7471 [Tor]: circuit_unlink_all_from_channel() is brain-damaged
#7471: circuit_unlink_all_from_channel() is brain-damaged
--------------------+-------------------------------------------------------
Reporter: andrea | Owner: andrea
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version: Tor: 0.2.4.5-alpha
Keywords: | Parent:
Points: | Actualpoints:
--------------------+-------------------------------------------------------
The circuit_unlink_all_from_channel() function calls
channel_unlink_all_circuits() and then circuit_mark_for_close() on each
circuit in a loop. The channel_unlink_all_circuits() call resets the
channel's num_n_circuits and num_p_circuits to 0, and then they get
decremented, which causes them to wrap back below 0, and in the case of
spliced rendezvous circuits the circuit_mark_for_close() after detachment
from the cmux in channel_unlink_all_circuits() can lead to a spurious
circuit_clear_cell_queue() with no cmux to update on. This function
should be rewritten to be less stupid.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7471>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
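The counter underflow described in the ticket, reduced to a small model. This is an added example, not Tor's code and not the eventual fix: the structs, the function names other than the ones quoted in the ticket, and the unsigned counter type are assumptions, and the cmux side of the bug is left out.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified model; these are not Tor's real structures. */
struct chan { unsigned int num_n_circuits; };   /* assumed unsigned */
struct circ { struct chan *n_chan; int marked; };

/* Close path: releases the circuit's slot on its channel, if still attached. */
static void mark_for_close(struct circ *c) {
    if (c->marked) return;
    c->marked = 1;
    if (c->n_chan) {
        c->n_chan->num_n_circuits--;   /* wraps when the count is already 0 */
        c->n_chan = NULL;
    }
}

/* Ordering from the ticket: bulk reset first, then close every circuit. */
static void unlink_all_buggy(struct chan *ch, struct circ *v, size_t n) {
    ch->num_n_circuits = 0;
    for (size_t i = 0; i < n; i++)
        if (v[i].n_chan == ch) mark_for_close(&v[i]);
}

/* One consistent ordering: account for and detach each circuit, then close. */
static void unlink_all_fixed(struct chan *ch, struct circ *v, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (v[i].n_chan != ch) continue;
        if (ch->num_n_circuits > 0) ch->num_n_circuits--;
        v[i].n_chan = NULL;            /* close path now skips the counter */
        mark_for_close(&v[i]);
    }
}

/* Constructed scenario: three circuits on one channel; returns final count. */
unsigned int final_count(int use_fixed) {
    struct chan ch = { 3 };
    struct circ v[3] = { { &ch, 0 }, { &ch, 0 }, { &ch, 0 } };
    if (use_fixed) unlink_all_fixed(&ch, v, 3);
    else unlink_all_buggy(&ch, v, 3);
    return ch.num_n_circuits;
}

int main(void) {
    printf("buggy order: %u\n", final_count(0));
    printf("fixed order: %u\n", final_count(1));
    return 0;
}
```

With an unsigned counter the "below 0" result shows up as a value just under UINT_MAX, so any later check of the form "does this channel still have circuits" stays true for a channel that has none.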