From 2ff871e530aba2191f289b9e055af4d873fd30fa Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 31 Aug 2007 14:20:44 +0000 Subject: [PATCH] r14871@catbus: nickm | 2007-08-31 10:12:53 -0400 Check correct circuit type when calling functions from rend_process_relay_cell. Backport candidate. svn:r11336 --- ChangeLog | 4 ++++ src/or/rendcommon.c | 35 +++++++++++++++++++++++------------ 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index f51446e677..071372ad22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ Changes in version 0.2.0.7-alpha - 2007-??-?? - Accept LF instead of CRLF on controller, since some software has a hard time generating real Internet newlines. + o Major bugfixes: + - Fix possible segfaults in functions called from + rend_process_relay_cell(). + o Minor bugfixes: - When generating information telling us how to extend to a given router, do not try to include the nickname if it is absent. Fixes diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index aad37c00e8..30350f9916 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -445,7 +445,7 @@ rend_process_relay_cell(circuit_t *circ, int command, size_t length, { or_circuit_t *or_circ = NULL; origin_circuit_t *origin_circ = NULL; - int r; + int r = -2; if (CIRCUIT_IS_ORIGIN(circ)) origin_circ = TO_ORIGIN_CIRCUIT(circ); else 
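Review bot: The new initializer `int r = -2;` in rend_process_relay_cell() uses -2 as an unexplained "no handler ran" sentinel, so a later reader cannot tell it apart from a real handler return code. The check added at the end of the function is only correct if none of the rend_mid_*, rend_service_* and rend_client_* handlers can return -2, which is not visible in this patch and should be confirmed. I would document it where it is declared, for example `int r = -2; /* -2: no handler was called for this cell; handlers must never return -2 */`. The function body continues past the end of this hunk.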
@@ -453,37 +453,48 @@ rend_process_relay_cell(circuit_t *circ, int command, size_t length, switch (command) { case RELAY_COMMAND_ESTABLISH_INTRO: - r = rend_mid_establish_intro(or_circ,payload,length); + if (or_circ) + r = rend_mid_establish_intro(or_circ,payload,length); break; case RELAY_COMMAND_ESTABLISH_RENDEZVOUS: - r = rend_mid_establish_rendezvous(or_circ,payload,length); + if (or_circ) + r = rend_mid_establish_rendezvous(or_circ,payload,length); break; case RELAY_COMMAND_INTRODUCE1: - r = rend_mid_introduce(or_circ,payload,length); + if (or_circ) + r = rend_mid_introduce(or_circ,payload,length); break; case RELAY_COMMAND_INTRODUCE2: - r = rend_service_introduce(origin_circ,payload,length); + if (origin_circ) + r = rend_service_introduce(origin_circ,payload,length); break; case RELAY_COMMAND_INTRODUCE_ACK: - r = rend_client_introduction_acked(origin_circ,payload,length); + if (origin_circ) + r = rend_client_introduction_acked(origin_circ,payload,length); break; case RELAY_COMMAND_RENDEZVOUS1: - r = rend_mid_rendezvous(or_circ,payload,length); + if (or_circ) + r = rend_mid_rendezvous(or_circ,payload,length); break; case RELAY_COMMAND_RENDEZVOUS2: - r = rend_client_receive_rendezvous(origin_circ,payload,length); + if (origin_circ) + r = rend_client_receive_rendezvous(origin_circ,payload,length); break; case RELAY_COMMAND_INTRO_ESTABLISHED: - r = rend_service_intro_established(origin_circ,payload,length); + if (origin_circ) + r = rend_service_intro_established(origin_circ,payload,length); break; case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED: - r = rend_client_rendezvous_acked(origin_circ,payload,length); + if (origin_circ) + r = rend_client_rendezvous_acked(origin_circ,payload,length); break; default: - tor_assert(0); + tor_fragile_assert(); } - (void)r; + if (r == -2) + log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.", + command); } /** Return the number of entries in our rendezvous descriptor cache. */
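Review bot: The `default:` branch leaves `r` at -2, so an unrecognized relay command falls through to the new `if (r == -2)` check and is logged as "Dropping cell (type %d) for wrong circuit type." This assumes tor_fragile_assert() returns in normal builds, which the switch away from `tor_assert(0)` suggests. The message is then wrong for the one case where the command itself is unexpected, which makes protocol-level log triage harder. Giving that branch its own value keeps the two conditions apart, for example `r = -1; /* unknown command, not a circuit-type mismatch */` after `tor_fragile_assert();`, optionally with a separate log line. Handler failures are still not acted on here, since `r` is only compared against the sentinel. The switch sits inside rend_process_relay_cell(), whose body starts before this hunk.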