[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] [tor/master] fix race condition that can cause crashes at client or exit relay



Author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date: Mon, 23 Nov 2009 10:13:50 -0500
Subject: fix race condition that can cause crashes at client or exit relay
Commit: a89f51c936f8bd3c2aef3e9472d5310c83dc8fa7

Avoid crashing if the client is trying to upload many bytes and the
circuit gets torn down at the same time, or if the flip side
happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.
---
 ChangeLog            |    3 +++
 src/or/circuitlist.c |    2 ++
 2 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 64910dd..22da2f7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@ Changes in Version 0.2.1.21 - 20??-??-??
       handshake from working unless we explicitly tell OpenSSL that we are
       using SSL renegotiation safely.  We are, of course, but OpenSSL
       0.9.8l won't work unless we say we are.
+    - Avoid crashing if the client is trying to upload many bytes and the
+      circuit gets torn down at the same time, or if the flip side
+      happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.
 
   o Minor bugfixes:
     - Do not refuse to learn about authority certs and v2 networkstatus
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 5918bdd..c55ba4d 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -1097,6 +1097,7 @@ _circuit_mark_for_close(circuit_t *circ, int reason, int line,
     edge_connection_t *conn;
     for (conn=or_circ->n_streams; conn; conn=conn->next_stream)
       connection_edge_destroy(or_circ->p_circ_id, conn);
+    or_circ->n_streams = NULL;
 
     while (or_circ->resolving_streams) {
       conn = or_circ->resolving_streams;
@@ -1120,6 +1121,7 @@ _circuit_mark_for_close(circuit_t *circ, int reason, int line,
     edge_connection_t *conn;
     for (conn=ocirc->p_streams; conn; conn=conn->next_stream)
       connection_edge_destroy(circ->n_circ_id, conn);
+    ocirc->p_streams = NULL;
   }
 
   circ->marked_for_close = line;
-- 
1.5.6.5