commit 9f5f67bda26979bb75e10a0ce0080997b1b72603 Author: Nick Mathewson nickm@torproject.org Date: Wed Sep 12 11:32:15 2018 -0400
Use tor_tls_release_socket() to avoid double-closed sockets on NSS
Closes ticket 27451; bug not in any released Tor. --- src/core/mainloop/connection.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c index ffc9010fb..16ce8b3f2 100644 --- a/src/core/mainloop/connection.c +++ b/src/core/mainloop/connection.c @@ -638,8 +638,19 @@ connection_free_minimal(connection_t *conn)
if (connection_speaks_cells(conn)) { or_connection_t *or_conn = TO_OR_CONN(conn); - tor_tls_free(or_conn->tls); - or_conn->tls = NULL; + if (or_conn->tls) { + if (! SOCKET_OK(conn->s)) { + /* The socket has been closed by somebody else; we must tell the + * TLS object not to close it. */ + tor_tls_release_socket(or_conn->tls); + } else { + /* The tor_tls_free() call below will close the socket; we must tell + * the code below not to close it a second time. */ + conn->s = TOR_INVALID_SOCKET; + } + tor_tls_free(or_conn->tls); + or_conn->tls = NULL; + } or_handshake_state_free(or_conn->handshake_state); or_conn->handshake_state = NULL; tor_free(or_conn->nickname);