[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor] branch main updated: cmux: Don't pick a marked for close circuit as active



This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository tor.

The following commit(s) were added to refs/heads/main by this push:
     new 4f1298e418 cmux: Don't pick a marked for close circuit as active
4f1298e418 is described below

commit 4f1298e4189f8bda8ecf48cf7ff25445698d747a
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
AuthorDate: Thu Jun 23 09:41:54 2022 -0400

    cmux: Don't pick a marked for close circuit as active
    
    Fixes #25312
    
    Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
 changes/ticket25312           |  3 +++
 src/core/or/circuitmux_ewma.c | 12 ++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/changes/ticket25312 b/changes/ticket25312
new file mode 100644
index 0000000000..5de1a48260
--- /dev/null
+++ b/changes/ticket25312
@@ -0,0 +1,3 @@
+  o Minor bugfixes (circuit):
+    - Fix a tiny window where a circuit can be chosen as active but is marked
+      for close. Fixes bug 25312; bugfix on 0.2.4.4-alpha.
diff --git a/src/core/or/circuitmux_ewma.c b/src/core/or/circuitmux_ewma.c
index adf256ab05..18c726c9ba 100644
--- a/src/core/or/circuitmux_ewma.c
+++ b/src/core/or/circuitmux_ewma.c
@@ -35,6 +35,7 @@
 #include <math.h>
 
 #include "core/or/or.h"
+#include "core/or/circuit_st.h"
 #include "core/or/circuitmux.h"
 #include "core/or/circuitmux_ewma.h"
 #include "lib/crypt_ops/crypto_rand.h"
@@ -382,10 +383,17 @@ ewma_pick_active_circuit(circuitmux_t *cmux,
 
   pol = TO_EWMA_POL_DATA(pol_data);
 
-  if (smartlist_len(pol->active_circuit_pqueue) > 0) {
+  for (int i = 0; i < smartlist_len(pol->active_circuit_pqueue); i++) {
     /* Get the head of the queue */
-    cell_ewma = smartlist_get(pol->active_circuit_pqueue, 0);
+    cell_ewma = smartlist_get(pol->active_circuit_pqueue, i);
     circ = cell_ewma_to_circuit(cell_ewma);
+    /* Don't send back closed circuit. This is possible because the circuit
+     * is detached from the cmux before the circuit gets freed and not when
+     * marked for close. Because of that, there is a window where a closed
+     * circuit can be picked here. See #25312. */
+    if (circ->marked_for_close) {
+      continue;
+    }
   }
 
   return circ;

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits