From c15b99e6e99fef6130dd6c53609a664efd82ef50 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 31 Aug 2016 10:32:10 -0400 Subject: [PATCH] Fix a deref-before-null-check complaint Found by coverity scan; this is CID 1372329. Also, reindent some oddly indented code. --- src/or/circuitbuild.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 2e7ea2f79a..aa2b0b2426 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -855,7 +855,12 @@ circuit_pick_extend_handshake(uint8_t *cell_type_out, /* XXXX030 Remove support for deciding to use TAP. */ /* It is an error to extend if there is no previous node. */ - tor_assert_nonfatal(node_prev); + if (BUG(node_prev == NULL)) { + *cell_type_out = RELAY_COMMAND_EXTEND; + *create_cell_type_out = CELL_CREATE; + return; + } + /* It is an error for a node with a known version to be so old it does not * support ntor. */ tor_assert_nonfatal(routerstatus_version_supports_ntor(node_prev->rs, 1)); @@ -863,16 +868,15 @@ circuit_pick_extend_handshake(uint8_t *cell_type_out, /* Assume relays without tor versions or routerstatuses support ntor. * The authorities enforce ntor support, and assuming and failing is better * than allowing a malicious node to perform a protocol downgrade to TAP. */ - if (node_prev && - *handshake_type_out != ONION_HANDSHAKE_TYPE_TAP && + if (*handshake_type_out != ONION_HANDSHAKE_TYPE_TAP && (node_has_curve25519_onion_key(node_prev) || (routerstatus_version_supports_ntor(node_prev->rs, 1)))) { - *cell_type_out = RELAY_COMMAND_EXTEND2; - *create_cell_type_out = CELL_CREATE2; - } else { - *cell_type_out = RELAY_COMMAND_EXTEND; - *create_cell_type_out = CELL_CREATE; - } + *cell_type_out = RELAY_COMMAND_EXTEND2; + *create_cell_type_out = CELL_CREATE2; + } else { + *cell_type_out = RELAY_COMMAND_EXTEND; + *create_cell_type_out = CELL_CREATE; + } } /** This is the backbone function for building circuits.