Avoid null-pointer deref in pathbias_is_new_circ_attempt

Coverity is worried about this (CID 980653). It hasn't happened in testing, but we might as well make sure it can't happen.
2024-11-10 21:23:58 +01:00 · 2013-02-11 16:59:21 -05:00 · 2013-02-11 16:59:21 -05:00 · f3835bcb37
commit f3835bcb37
parent 719940df2b
1 changed files with 4 additions and 2 deletions
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@ -1307,7 +1307,8 @@ pathbias_is_new_circ_attempt(origin_circuit_t *circ)
  /* cpath is a circular list. We want circs with more than one hop,
   * and the second hop must be waiting for keys still (it's just
   * about to get them). */
-  return circ->cpath->next != circ->cpath &&
+  return circ->cpath &&
+         circ->cpath->next != circ->cpath &&
         circ->cpath->next->state == CPATH_STATE_AWAITING_KEYS;
 #else
  /* If tagging attacks are no longer possible, we probably want to
@ -1315,7 +1316,8 @@ pathbias_is_new_circ_attempt(origin_circuit_t *circ)
   * timing-based tagging is still more useful than per-hop failure.
   * In which case, we'd never want to use this.
   */
-  return circ->cpath->state == CPATH_STATE_AWAITING_KEYS;
+  return circ->cpath &&
+         circ->cpath->state == CPATH_STATE_AWAITING_KEYS;
 #endif
 }