From 5eb2d5888065420b44ad237d000dfb7c3656c2ef Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 14 May 2018 15:54:48 -0400 Subject: [PATCH] Add a missing return after marking a stream for bad connected cell Fixes bug 26072; bugfix on 0.2.4.7-alpha. --- changes/bug26072 | 5 +++++ src/or/relay.c | 1 + 2 files changed, 6 insertions(+) create mode 100644 changes/bug26072 diff --git a/changes/bug26072 b/changes/bug26072 new file mode 100644 index 0000000000..2489e4fbb5 --- /dev/null +++ b/changes/bug26072 @@ -0,0 +1,5 @@ + o Minor bugfixes (correctness, client): + - Upon receiving a malformed connected cell, stop processing the cell + immediately. Previously we would mark the connection for close, but + continue processing the cell as if the connection were open. Fixes bug + 26072; bugfix on 0.2.4.7-alpha. diff --git a/src/or/relay.c b/src/or/relay.c index 22ce767523..1c791e02cc 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1323,6 +1323,7 @@ connection_edge_process_relay_cell_not_open( "Got a badly formatted connected cell. Closing."); connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL); + return 0; } if (tor_addr_family(&addr) != AF_UNSPEC) { const sa_family_t family = tor_addr_family(&addr);