This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main in repository tor.
The following commit(s) were added to refs/heads/main by this push:
     new 4f1298e418 cmux: Don't pick a marked for close circuit as active
4f1298e418 is described below
commit 4f1298e4189f8bda8ecf48cf7ff25445698d747a
Author: David Goulet dgoulet@torproject.org
AuthorDate: Thu Jun 23 09:41:54 2022 -0400
cmux: Don't pick a marked for close circuit as active
Fixes #25312
Signed-off-by: David Goulet dgoulet@torproject.org --- changes/ticket25312 | 3 +++ src/core/or/circuitmux_ewma.c | 12 ++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/changes/ticket25312 b/changes/ticket25312 new file mode 100644 index 0000000000..5de1a48260 --- /dev/null +++ b/changes/ticket25312 @@ -0,0 +1,3 @@ + o Minor bugfixes (circuit): + - Fix a tiny window where a circuit can be chosen as active but is marked + for close. Fixes bug 25312; bugfix on 0.2.4.4-alpha. diff --git a/src/core/or/circuitmux_ewma.c b/src/core/or/circuitmux_ewma.c index adf256ab05..18c726c9ba 100644 --- a/src/core/or/circuitmux_ewma.c +++ b/src/core/or/circuitmux_ewma.c @@ -35,6 +35,7 @@ #include <math.h>
#include "core/or/or.h" +#include "core/or/circuit_st.h" #include "core/or/circuitmux.h" #include "core/or/circuitmux_ewma.h" #include "lib/crypt_ops/crypto_rand.h" @@ -382,10 +383,17 @@ ewma_pick_active_circuit(circuitmux_t *cmux,
pol = TO_EWMA_POL_DATA(pol_data);
- if (smartlist_len(pol->active_circuit_pqueue) > 0) { + for (int i = 0; i < smartlist_len(pol->active_circuit_pqueue); i++) { /* Get the head of the queue */ - cell_ewma = smartlist_get(pol->active_circuit_pqueue, 0); + cell_ewma = smartlist_get(pol->active_circuit_pqueue, i); circ = cell_ewma_to_circuit(cell_ewma); + /* Don't send back closed circuit. This is possible because the circuit + * is detached from the cmux before the circuit gets freed and not when + * marked for close. Because of that, there is a window where a closed + * circuit can be picked here. See #25312. */ + if (circ->marked_for_close) { + continue; + } }
return circ;
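Review bot: In the ewma_pick_active_circuit() hunk, the new for loop has no break after the marked_for_close check, so it never stops at the first circuit that is not marked for close. Every iteration overwrites circ, and the function returns whatever the last queue entry examined produced. The `continue` also leaves circ pointing at the marked circuit, so when the last entry (or the only entry) is marked for close, `return circ` still hands back the circuit this change is meant to exclude. Suggest setting circ to NULL before `continue` and adding `break;` once an unmarked circuit is found. Two smaller points: the retained comment "Get the head of the queue" no longer matches `smartlist_get(pol->active_circuit_pqueue, i)`, and since the list is named a pqueue, walking it by index may not follow priority order past index 0, so it is worth confirming that the fallback candidate is the intended one.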