mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Don't access rend data after a circuit has been marked for close.
This can cause issues if the circuit was repurposed into a padding circuit instead of closing, since in that case we will wipe off the rend_data.
This commit is contained in:
parent
7f341d6482
commit
917e4e9eae
@ -403,14 +403,23 @@ rend_client_introduction_acked(origin_circuit_t *circ,
|
|||||||
} else {
|
} else {
|
||||||
log_info(LD_REND,"...Found no rend circ. Dropping on the floor.");
|
log_info(LD_REND,"...Found no rend circ. Dropping on the floor.");
|
||||||
}
|
}
|
||||||
|
/* Save the rend data digest to a temporary object so that we don't access
|
||||||
|
* it after we mark the circuit for close. */
|
||||||
|
const uint8_t *rend_digest_tmp = NULL;
|
||||||
|
size_t digest_len;
|
||||||
|
uint8_t *cached_rend_digest = NULL;
|
||||||
|
rend_digest_tmp = rend_data_get_pk_digest(circ->rend_data, &digest_len);
|
||||||
|
cached_rend_digest = tor_malloc_zero(digest_len);
|
||||||
|
memcpy(cached_rend_digest, rend_digest_tmp, digest_len);
|
||||||
|
|
||||||
/* close the circuit: we won't need it anymore. */
|
/* close the circuit: we won't need it anymore. */
|
||||||
circuit_change_purpose(TO_CIRCUIT(circ),
|
circuit_change_purpose(TO_CIRCUIT(circ),
|
||||||
CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
|
CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
|
||||||
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
|
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
|
||||||
|
|
||||||
/* close any other intros launched in parallel */
|
/* close any other intros launched in parallel */
|
||||||
rend_client_close_other_intros(rend_data_get_pk_digest(circ->rend_data,
|
rend_client_close_other_intros(cached_rend_digest);
|
||||||
NULL));
|
tor_free(cached_rend_digest); /* free the temporary digest */
|
||||||
} else {
|
} else {
|
||||||
/* It's a NAK; the introduction point didn't relay our request. */
|
/* It's a NAK; the introduction point didn't relay our request. */
|
||||||
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_INTRODUCING);
|
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_INTRODUCING);
|
||||||
|
Loading…
Reference in New Issue
Block a user