sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Clear outbuf_flushlen when we clear a connection's outbuf 

When we added single_conn_free_bytes(), we cleared the outbuf on a
connection without setting outbuf_flushlen() to 0.  This could cause
an assertion failure later on in flush_buf().

Fixes bug 23690; bugfix on 0.2.6.1-alpha.
This commit is contained in:
Nick Mathewson 2017-09-29 10:00:14 -04:00
parent 8e52c46581
commit f7222e6d8c
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changes/bug23690 Normal file
View File

@ -0,0 +1,5 @@
o Major bugfixes (relay, crash, assertion failure):
- Fix a timing-based assertion failure that could occur when the
circuit out-of-memory handler freed a connection's output buffer.
Fixes bug 23690; bugfix on 0.2.6.1-alpha.

1
src/or/circuitlist.c
View File

@ -1939,6 +1939,7 @@ single_conn_free_bytes(connection_t *conn)
if (conn->outbuf) {
result += buf_allocation(conn->outbuf);
buf_clear(conn->outbuf);
conn->outbuf_flushlen = 0;
}
if (conn->type == CONN_TYPE_DIR) {
dir_connection_t *dir_conn = TO_DIR_CONN(conn);