
[or-cvs] r11336: Check correct circuit type when calling functions from rend_ (in tor/trunk: . src/or)



Author: nickm
Date: 2007-08-31 10:20:44 -0400 (Fri, 31 Aug 2007)
New Revision: 11336

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/or/rendcommon.c
Log:
 r14871@catbus:  nickm | 2007-08-31 10:12:53 -0400
 Check correct circuit type when calling functions from rend_process_relay_cell. Backport candidate.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r14871] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-08-31 14:20:41 UTC (rev 11335)
+++ tor/trunk/ChangeLog	2007-08-31 14:20:44 UTC (rev 11336)
@@ -13,6 +13,10 @@
     - Accept LF instead of CRLF on controller, since some software has a
       hard time generating real Internet newlines.
 
+  o Major bugfixes:
+    - Fix possible segfaults in functions called from
+      rend_process_relay_cell().
+
   o Minor bugfixes:
     - When generating information telling us how to extend to a given
       router, do not try to include the nickname if it is absent.  Fixes

Modified: tor/trunk/src/or/rendcommon.c
===================================================================
--- tor/trunk/src/or/rendcommon.c	2007-08-31 14:20:41 UTC (rev 11335)
+++ tor/trunk/src/or/rendcommon.c	2007-08-31 14:20:44 UTC (rev 11336)
@@ -445,7 +445,7 @@
 {
   or_circuit_t *or_circ = NULL;
   origin_circuit_t *origin_circ = NULL;
-  int r;
+  int r = -2;
   if (CIRCUIT_IS_ORIGIN(circ))
     origin_circ = TO_ORIGIN_CIRCUIT(circ);
   else
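
Review bot: The initializer `int r = -2;` introduces an unexplained sentinel that the end of the function later tests with `if (r == -2)`. A short comment or a named constant would document that -2 means "no handler was called". It is also worth confirming that none of the rend_* handlers can return -2 themselves, since that would produce the "wrong circuit type" log line for a cell that was actually processed.
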
@@ -453,37 +453,48 @@
 
   switch (command) {
     case RELAY_COMMAND_ESTABLISH_INTRO:
-      r = rend_mid_establish_intro(or_circ,payload,length);
+      if (or_circ)
+        r = rend_mid_establish_intro(or_circ,payload,length);
       break;
     case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
-      r = rend_mid_establish_rendezvous(or_circ,payload,length);
+      if (or_circ)
+        r = rend_mid_establish_rendezvous(or_circ,payload,length);
       break;
     case RELAY_COMMAND_INTRODUCE1:
-      r = rend_mid_introduce(or_circ,payload,length);
+      if (or_circ)
+        r = rend_mid_introduce(or_circ,payload,length);
       break;
     case RELAY_COMMAND_INTRODUCE2:
-      r = rend_service_introduce(origin_circ,payload,length);
+      if (origin_circ)
+        r = rend_service_introduce(origin_circ,payload,length);
       break;
     case RELAY_COMMAND_INTRODUCE_ACK:
-      r = rend_client_introduction_acked(origin_circ,payload,length);
+      if (origin_circ)
+        r = rend_client_introduction_acked(origin_circ,payload,length);
       break;
     case RELAY_COMMAND_RENDEZVOUS1:
-      r = rend_mid_rendezvous(or_circ,payload,length);
+      if (or_circ)
+        r = rend_mid_rendezvous(or_circ,payload,length);
       break;
     case RELAY_COMMAND_RENDEZVOUS2:
-      r = rend_client_receive_rendezvous(origin_circ,payload,length);
+      if (origin_circ)
+        r = rend_client_receive_rendezvous(origin_circ,payload,length);
       break;
     case RELAY_COMMAND_INTRO_ESTABLISHED:
-      r = rend_service_intro_established(origin_circ,payload,length);
+      if (origin_circ)
+        r = rend_service_intro_established(origin_circ,payload,length);
       break;
     case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
-      r = rend_client_rendezvous_acked(origin_circ,payload,length);
+      if (origin_circ)
+        r = rend_client_rendezvous_acked(origin_circ,payload,length);
       break;
     default:
-      tor_assert(0);
+      tor_fragile_assert();
   }
 
-  (void)r;
+  if (r == -2)
+    log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.",
+             command);
 }
 
 /** Return the number of entries in our rendezvous descriptor cache. */
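
Review bot: In the `default:` case, replacing `tor_assert(0)` with `tor_fragile_assert()` means that, whenever the fragile assert returns, control falls out of the switch with r still -2, and an unrecognized command is then logged as "Dropping cell (type %d) for wrong circuit type", which misreports the cause. Consider giving the default case its own log message (or a distinct value of r) and an explicit `break;`. A smaller point on the same tail: r is now compared only against -2, so an error return from a handler that did run is still ignored here, as it was with `(void)r;`.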