nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-14 07:03:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Avoid null-pointer deref in pathbias_is_new_circ_attempt

Browse Source 
Coverity is worried about this (CID 980653).  It hasn't happened in
testing, but we might as well make sure it can't happen.
This commit is contained in:
Nick Mathewson 2013-02-11 16:59:21 -05:00
parent 719940df2b
commit f3835bcb37
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/or/circuitbuild.c
View File

@ -1307,7 +1307,8 @@ pathbias_is_new_circ_attempt(origin_circuit_t *circ)
/* cpath is a circular list. We want circs with more than one hop, /* cpath is a circular list. We want circs with more than one hop,
* and the second hop must be waiting for keys still (it's just * and the second hop must be waiting for keys still (it's just
* about to get them). */ * about to get them). */
return circ->cpath->next != circ->cpath && return circ->cpath &&
circ->cpath->next != circ->cpath &&
circ->cpath->next->state == CPATH_STATE_AWAITING_KEYS; circ->cpath->next->state == CPATH_STATE_AWAITING_KEYS;
#else #else
/* If tagging attacks are no longer possible, we probably want to /* If tagging attacks are no longer possible, we probably want to
@ -1315,7 +1316,8 @@ pathbias_is_new_circ_attempt(origin_circuit_t *circ)
* timing-based tagging is still more useful than per-hop failure. * timing-based tagging is still more useful than per-hop failure.
* In which case, we'd never want to use this. * In which case, we'd never want to use this.
*/ */
return circ->cpath->state == CPATH_STATE_AWAITING_KEYS; return circ->cpath &&
circ->cpath->state == CPATH_STATE_AWAITING_KEYS;
#endif #endif
} }