nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 20:33:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Avoid double-free in bufferevent read/write cbs

Browse Source 
Fixes bug 3404; bugfix on 0.2.3.1-alpha.
This commit is contained in:
Nick Mathewson 2011-07-07 11:00:21 -04:00
parent f883ec09b5
commit 57822cbbbe
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changes/bug3404 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes:
- Fix a class of double-mark-for-close bugs when bufferevents
are enabled. Fixes bug 3404; bugfix on 0.2.3.1-alpha.

9
src/or/connection.c
View File

@ -2957,9 +2957,11 @@ connection_handle_read_cb(struct bufferevent *bufev, void *arg)
{
connection_t *conn = arg;
(void) bufev;
if (!conn->marked_for_close)
if (!conn->marked_for_close) {
if (connection_process_inbuf(conn, 1)<0) /* XXXX Always 1? */
connection_mark_for_close(conn);
if (!conn->marked_for_close)
connection_mark_for_close(conn);
}
}
/** Callback: invoked whenever a bufferevent has written data. */
@ -2969,7 +2971,8 @@ connection_handle_write_cb(struct bufferevent *bufev, void *arg)
connection_t *conn = arg;
struct evbuffer *output;
if (connection_flushed_some(conn)<0) {
connection_mark_for_close(conn);
if (!conn->marked_for_close)
connection_mark_for_close(conn);
return;
}