[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/release-0.2.3] Fix a bug handling SENDME cells on nonexistent streams.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/release-0.2.3] Fix a bug handling SENDME cells on nonexistent streams.
From: arma@xxxxxxxxxxxxxx
Date: Fri, 6 Jul 2012 12:59:49 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 06 Jul 2012 08:59:46 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx

commit 419f541aa737d3ab230ec2595d0614e2d94a5e44
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Fri Jul 6 07:29:54 2012 -0400

    Fix a bug handling SENDME cells on nonexistent streams.
    
    This could result in bizarre window values. Report and patch
    contributed pseudymously.  Fixes part of bug 6271. This bug was
    introduced before the first Tor release, in svn commit r152.
    
    (bug 6271, part a.)
---
 changes/bug6271 |    7 +++++++
 src/or/relay.c  |    7 ++++++-
 2 files changed, 13 insertions(+), 1 deletions(-)

diff --git a/changes/bug6271 b/changes/bug6271
new file mode 100644
index 0000000..06b129f
--- /dev/null
+++ b/changes/bug6271
@@ -0,0 +1,7 @@
+   o Major bugfixes
+
+     - Fix a bug handling SENDME cells on nonexistent streams that
+       could result in bizarre window values. Report and patch
+       contributed pseudymously.  Fixes part of bug 6271. This bug
+       was introduced before the first Tor release, in svn commit
+       r152.
diff --git a/src/or/relay.c b/src/or/relay.c
index b637fad..50c1455 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1220,7 +1220,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
                "'connected' received, no conn attached anymore. Ignoring.");
       return 0;
     case RELAY_COMMAND_SENDME:
-      if (!conn) {
+      if (!rh.stream_id) {
         if (layer_hint) {
           layer_hint->package_window += CIRCWINDOW_INCREMENT;
           log_debug(LD_APP,"circ-level sendme at origin, packagewindow %d.",
@@ -1235,6 +1235,11 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
         }
         return 0;
       }
+      if (!conn) {
+        log_info(domain,"sendme cell dropped, unknown stream (streamid %d).",
+                 rh.stream_id);
+        return 0;
+      }
       conn->package_window += STREAMWINDOW_INCREMENT;
       log_debug(domain,"stream-level sendme, packagewindow now %d.",
                 conn->package_window);



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/release-0.2.3] On windows, ENOBUFS starts with WSA. #6296. Fix on 0.2.18-rc
Next by Author: [tor-commits] [tor/release-0.2.3] Merge remote-tracking branch 'nickm/bug6271_part_a' into maint-0.2.3
Previous by thread: [tor-commits] [tor/release-0.2.3] On windows, ENOBUFS starts with WSA. #6296. Fix on 0.2.18-rc
Next by thread: [tor-commits] [tor/release-0.2.3] Merge remote-tracking branch 'nickm/bug6271_part_a' into maint-0.2.3
Index(es):
- Author
- Thread