[tor-bugs] #7471 [Tor]: circuit_unlink_all_from_channel() is brain-damaged
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 13 21:56:41 UTC 2012
#7471: circuit_unlink_all_from_channel() is brain-damaged
--------------------+-------------------------------------------------------
Reporter: andrea | Owner: andrea
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version: Tor: 0.2.4.5-alpha
Keywords: | Parent:
Points: | Actualpoints:
--------------------+-------------------------------------------------------
The circuit_unlink_all_from_channel() function calls
channel_unlink_all_circuits() and then circuit_mark_for_close() on each
circuit in a loop. The channel_unlink_all_circuits() call resets the
channel's num_n_circuits and num_p_circuits to 0, and then they get
decremented, which causes them to wrap back below 0, and in the case of
spliced rendezvous circuits the circuit_mark_for_close() after detachment
from the cmux in channel_unlink_all_circuits() can lead to a spurious
circuit_clear_cell_queue() with no cmux to update on. This function
should be rewritten to be less stupid.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7471>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
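
The counter wrap described in the ticket, reduced to a toy model. This is an added example, not Tor's code and not the fix that was applied: the struct and function names are hypothetical, and it assumes the per-channel circuit counter is an unsigned int and that the close path decrements it for any circuit still pointing at the channel.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model only: hypothetical names, not Tor's structures. */
typedef struct chan { unsigned int num_circuits; } chan_t;
typedef struct circ { chan_t *chan; int marked; } circ_t;

/* Bulk detach in the order the ticket describes: the counter is zeroed,
 * but every circuit still holds its pointer to the channel. */
static void bulk_unlink_buggy(chan_t *ch) { ch->num_circuits = 0; }

/* Bulk detach that also clears each circuit's back-pointer, so the
 * close path has nothing left to account for. */
static void bulk_unlink_fixed(chan_t *ch, circ_t *circs, size_t n) {
  for (size_t i = 0; i < n; i++)
    if (circs[i].chan == ch) circs[i].chan = NULL;
  ch->num_circuits = 0;
}

/* Close path: does its own per-circuit accounting if still attached. */
static void mark_for_close(circ_t *c) {
  c->marked = 1;
  if (c->chan) { c->chan->num_circuits--; c->chan = NULL; }
}

/* Attach n circuits (at most 8), tear them all down, and return the
 * channel's final counter value. */
unsigned int teardown(int fixed, size_t n) {
  chan_t ch = { 0 };
  circ_t circs[8];
  if (n > 8) n = 8;
  for (size_t i = 0; i < n; i++) {
    circs[i].chan = &ch; circs[i].marked = 0; ch.num_circuits++;
  }
  if (fixed) bulk_unlink_fixed(&ch, circs, n);
  else bulk_unlink_buggy(&ch);
  for (size_t i = 0; i < n; i++) mark_for_close(&circs[i]);
  return ch.num_circuits;
}

int main(void) {
  printf("reset then decrement: %u\n", teardown(0, 3)); /* wraps */
  printf("detach then close:    %u\n", teardown(1, 3));
  return 0;
}
```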