[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r10154: backport candidate: If a directory server runs out of space (in tor/trunk: . src/or)



Author: arma
Date: 2007-05-10 04:53:05 -0400 (Thu, 10 May 2007)
New Revision: 10154

Modified:
   tor/trunk/ChangeLog
   tor/trunk/src/or/connection_edge.c
Log:
backport candidate:
If a directory server runs out of space in the connection table
as it's processing a begin_dir request, it will free the exit stream
but leave it attached to the circuit, leading to unpredictable
behavior. (Reported by seeess, fixes bug 425.)


Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-05-10 05:12:20 UTC (rev 10153)
+++ tor/trunk/ChangeLog	2007-05-10 08:53:05 UTC (rev 10154)
@@ -29,6 +29,12 @@
       in the network. Implements proposal 107, suggested by Kevin Bauer
       and Damon McCoy.
 
+  o Crash fixes:
+    - If a directory server runs out of space in the connection table
+      as it's processing a begin_dir request, it will free the exit stream
+      but leave it attached to the circuit, leading to unpredictable
+      behavior. (Reported by seeess, fixes bug 425.)
+
   o Minor fixes (resource management):
     - Count the number of open sockets separately from the number of active
       connection_t objects.  This will let us avoid underusing our
@@ -40,8 +46,8 @@
       the server), and avoids the nasty Windows socketpair() workaround.
     - Keep unused 4k and 16k buffers on free lists, rather than wasting 8k
       for every single inactive connection_t.
-    - Free items from the 4/16k-buffer free lists when they haven't been used
-      for a while.
+    - Free items from the 4k/16k-buffer free lists when they haven't been
+      used for a while.
 
   o Minor features (build):
     - Make autoconf search for libevent, openssl, and zlib consistently.

Modified: tor/trunk/src/or/connection_edge.c
===================================================================
--- tor/trunk/src/or/connection_edge.c	2007-05-10 05:12:20 UTC (rev 10153)
+++ tor/trunk/src/or/connection_edge.c	2007-05-10 08:53:05 UTC (rev 10154)
@@ -29,7 +29,8 @@
 
 static int connection_ap_handshake_process_socks(edge_connection_t *conn);
 static int connection_ap_process_natd(edge_connection_t *conn);
-static int connection_exit_connect_dir(edge_connection_t *exit_conn);
+static int connection_exit_connect_dir(edge_connection_t *exit_conn,
+                                       or_circuit_t *circ);
 static int hostname_is_noconnect_address(const char *address);
 
 /** An AP stream has failed/finished. If it hasn't already sent back
@@ -2218,18 +2219,17 @@
     connection_free(TO_CONN(n_stream));
     return 0;
   }
-  log_debug(LD_EXIT,"about to start the dns_resolve().");
 
+  n_stream->on_circuit = circ;
+
   if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
-    if (or_circ && or_circ->p_conn && or_circ->p_conn->_base.addr)
+    tor_assert(or_circ);
+    if (or_circ->p_conn && or_circ->p_conn->_base.addr)
       n_stream->_base.addr = or_circ->p_conn->_base.addr;
-    n_stream->next_stream = TO_OR_CIRCUIT(circ)->n_streams;
-    n_stream->on_circuit = circ;
-    TO_OR_CIRCUIT(circ)->n_streams = n_stream;
-    return connection_exit_connect_dir(n_stream);
+    return connection_exit_connect_dir(n_stream, or_circ);
   }
 
-  n_stream->on_circuit = circ;
+  log_debug(LD_EXIT,"about to start the dns_resolve().");
 
   /* send it off to the gethostbyname farm */
   switch (dns_resolve(n_stream)) {
@@ -2399,7 +2399,8 @@
  * DOCDOC no longer uses socketpair
  */
 static int
-connection_exit_connect_dir(edge_connection_t *exit_conn)
+connection_exit_connect_dir(edge_connection_t *exit_conn,
+                            or_circuit_t *circ)
 {
   dir_connection_t *dir_conn = NULL;
 
@@ -2425,6 +2426,9 @@
     return 0;
   }
 
+  exit_conn->next_stream = circ->n_streams;
+  circ->n_streams = exit_conn;
+
   if (connection_add(TO_CONN(dir_conn))<0) {
     connection_edge_end(exit_conn, END_STREAM_REASON_RESOURCELIMIT);
     connection_close_immediate(TO_CONN(exit_conn));