[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r11336: Check correct circuit type when calling functions from rend_ (in tor/trunk: . src/or)
Author: nickm
Date: 2007-08-31 10:20:44 -0400 (Fri, 31 Aug 2007)
New Revision: 11336
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/or/rendcommon.c
Log:
r14871@catbus: nickm | 2007-08-31 10:12:53 -0400
Check correct circuit type when calling functions from rend_process_relay_cell. Backport candidate.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r14871] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-08-31 14:20:41 UTC (rev 11335)
+++ tor/trunk/ChangeLog 2007-08-31 14:20:44 UTC (rev 11336)
@@ -13,6 +13,10 @@
- Accept LF instead of CRLF on controller, since some software has a
hard time generating real Internet newlines.
+ o Major bugfixes:
+ - Fix possible segfaults in functions called from
+ rend_process_relay_cell().
+
o Minor bugfixes:
- When generating information telling us how to extend to a given
router, do not try to include the nickname if it is absent. Fixes
Modified: tor/trunk/src/or/rendcommon.c
===================================================================
--- tor/trunk/src/or/rendcommon.c 2007-08-31 14:20:41 UTC (rev 11335)
+++ tor/trunk/src/or/rendcommon.c 2007-08-31 14:20:44 UTC (rev 11336)
@@ -445,7 +445,7 @@
{
or_circuit_t *or_circ = NULL;
origin_circuit_t *origin_circ = NULL;
- int r;
+ int r = -2;
if (CIRCUIT_IS_ORIGIN(circ))
origin_circ = TO_ORIGIN_CIRCUIT(circ);
else
@@ -453,37 +453,48 @@
switch (command) {
case RELAY_COMMAND_ESTABLISH_INTRO:
- r = rend_mid_establish_intro(or_circ,payload,length);
+ if (or_circ)
+ r = rend_mid_establish_intro(or_circ,payload,length);
break;
case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
- r = rend_mid_establish_rendezvous(or_circ,payload,length);
+ if (or_circ)
+ r = rend_mid_establish_rendezvous(or_circ,payload,length);
break;
case RELAY_COMMAND_INTRODUCE1:
- r = rend_mid_introduce(or_circ,payload,length);
+ if (or_circ)
+ r = rend_mid_introduce(or_circ,payload,length);
break;
case RELAY_COMMAND_INTRODUCE2:
- r = rend_service_introduce(origin_circ,payload,length);
+ if (origin_circ)
+ r = rend_service_introduce(origin_circ,payload,length);
break;
case RELAY_COMMAND_INTRODUCE_ACK:
- r = rend_client_introduction_acked(origin_circ,payload,length);
+ if (origin_circ)
+ r = rend_client_introduction_acked(origin_circ,payload,length);
break;
case RELAY_COMMAND_RENDEZVOUS1:
- r = rend_mid_rendezvous(or_circ,payload,length);
+ if (or_circ)
+ r = rend_mid_rendezvous(or_circ,payload,length);
break;
case RELAY_COMMAND_RENDEZVOUS2:
- r = rend_client_receive_rendezvous(origin_circ,payload,length);
+ if (origin_circ)
+ r = rend_client_receive_rendezvous(origin_circ,payload,length);
break;
case RELAY_COMMAND_INTRO_ESTABLISHED:
- r = rend_service_intro_established(origin_circ,payload,length);
+ if (origin_circ)
+ r = rend_service_intro_established(origin_circ,payload,length);
break;
case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
- r = rend_client_rendezvous_acked(origin_circ,payload,length);
+ if (origin_circ)
+ r = rend_client_rendezvous_acked(origin_circ,payload,length);
break;
default:
- tor_assert(0);
+ tor_fragile_assert();
}
- (void)r;
+ if (r == -2)
+ log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.",
+ command);
}
/** Return the number of entries in our rendezvous descriptor cache. */