commit 0044d74b3c51cf5824435e76eca2a675b51a14bc Author: Nick Mathewson nickm@torproject.org Date: Tue Aug 12 12:15:09 2014 -0400
Fix another case of 12848 in circuit_handle_first_hop
I looked for other places where we set circ->n_chan early, and found one in circuit_handle_first_hop() right before it calls circuit_send_next_onion_skin(). If onion_skin_create() fails there, then n_chan will still be set when circuit_send_next_onion_skin() returns. We should probably fix that too. --- src/or/circuitbuild.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 11f8250..5325eff 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -475,6 +475,7 @@ circuit_handle_first_hop(origin_circuit_t *circ) log_debug(LD_CIRC,"Conn open. Delivering first onion skin."); if ((err_reason = circuit_send_next_onion_skin(circ)) < 0) { log_info(LD_CIRC,"circuit_send_next_onion_skin failed."); + circ->base_.n_chan = NULL; return err_reason; } }