[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/release-0.3.1] Clear outbuf_flushlen when we clear a connection's outbuf



commit f7222e6d8cf31ce0e2a4653477ab42645c045db6
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Fri Sep 29 10:00:14 2017 -0400

    Clear outbuf_flushlen when we clear a connection's outbuf
    
    When we added single_conn_free_bytes(), we cleared the outbuf on a
    connection without setting outbuf_flushlen() to 0.  This could cause
    an assertion failure later on in flush_buf().
    
    Fixes bug 23690; bugfix on 0.2.6.1-alpha.
---
 changes/bug23690     | 5 +++++
 src/or/circuitlist.c | 1 +
 2 files changed, 6 insertions(+)

diff --git a/changes/bug23690 b/changes/bug23690
new file mode 100644
index 000000000..36ff32e49
--- /dev/null
+++ b/changes/bug23690
@@ -0,0 +1,5 @@
+  o Major bugfixes (relay, crash, assertion failure):
+    - Fix a timing-based assertion failure that could occur when the
+      circuit out-of-memory handler freed a connection's output buffer.
+      Fixes bug 23690; bugfix on 0.2.6.1-alpha.
+
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index d7dbfe574..b71048590 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -1939,6 +1939,7 @@ single_conn_free_bytes(connection_t *conn)
   if (conn->outbuf) {
     result += buf_allocation(conn->outbuf);
     buf_clear(conn->outbuf);
+    conn->outbuf_flushlen = 0;
   }
   if (conn->type == CONN_TYPE_DIR) {
     dir_connection_t *dir_conn = TO_DIR_CONN(conn);



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits