[tor-commits] [tor/master] Avoid use-after-free of circ belonging to cancelled job
commit 733751009058a8ff140c15ddd8b022da6a77afdd
Author: Sebastian Hahn <sebastian@xxxxxxxxxxxxxx>
Date: Mon Feb 9 16:04:51 2015 +0100

Avoid use-after-free of circ belonging to cancelled job

This fixes a bug where we decide to free the circuit because it isn't on
any workqueue anymore, and then the job finishes and the circuit gets
freed again.

Fixes bug #14815, not in any released version of Tor.
---
src/or/cpuworker.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index 5e8b32d..7fe2351 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -556,8 +556,7 @@ cpuworker_cancel_circ_handshake(or_circuit_t *circ)
tor_free(job);
tor_assert(total_pending_tasks > 0);
--total_pending_tasks;
+ circ->workqueue_entry = NULL;
}
-
- circ->workqueue_entry = NULL;
}
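Review bot: the moved `circ->workqueue_entry = NULL;` at the end of the block that frees the job carries no comment saying why the pointer must stay set when that block is skipped, and that invariant is the whole fix. With the assignment now inside the block next to `tor_free(job)` and `--total_pending_tasks`, a non-NULL `workqueue_entry` after this function returns means the job was not cancelled and may still complete and touch `circ`. Please add a short comment above the assignment (or at the closing brace of the block) stating that the entry is cleared only when the job was actually cancelled and freed, so a later cleanup does not move it back out and reintroduce the double free described in the commit message. It would also help to document at the function's definition that callers must not treat the circuit as off the workqueue unless `workqueue_entry` is NULL after the call.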