[or-cvs] Backport part of "JAP-Client" fix. (Specifically, backporr...

Nick Mathewson nickm at seul.org
Sat Apr 23 14:32:27 UTC 2005


Update of /home/or/cvsroot/tor/src/or
In directory moria.mit.edu:/tmp/cvs-serv25494/src/or

Modified Files:
      Tag: tor-0_0_9-patches
	buffers.c connection_or.c 
Log Message:
Backport part of "JAP-Client" fix.  (Specifically, backport the part that refrains from crashing on uncaught TLS errors.)

Index: buffers.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/buffers.c,v
retrieving revision 1.122.2.3
retrieving revision 1.122.2.4
diff -u -d -r1.122.2.3 -r1.122.2.4
--- buffers.c	3 Jan 2005 23:20:28 -0000	1.122.2.3
+++ buffers.c	23 Apr 2005 14:32:25 -0000	1.122.2.4
@@ -226,7 +226,7 @@
          (int)buf_datalen(buf), (int)tor_tls_get_pending_bytes(tls),
          (int)at_most);
 
-  assert_no_tls_errors();
+  check_no_tls_errors();
   r = tor_tls_read(tls, buf->mem+buf->datalen, at_most);
   if (r<0)
     return r;
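Review bot: The call before `tor_tls_read` carries no comment saying why the assertion was downgraded to `check_no_tls_errors()`, so a later cleanup could plausibly restore the assert and bring the crash back. Going by the commit message, the new call tolerates leftover TLS errors instead of aborting; its definition is not on this page, so that behaviour is inferred. If so, I'd add `/* Don't assert here: leftover TLS errors may stem from what a peer sent, so report them and carry on. */` above the call. The same comment fits the call added at the top of connection_tls_continue_handshake in connection_or.c. The enclosing function starts and ends outside this hunk.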

Index: connection_or.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/connection_or.c,v
retrieving revision 1.150.2.4
retrieving revision 1.150.2.5
diff -u -d -r1.150.2.4 -r1.150.2.5
--- connection_or.c	31 Mar 2005 23:33:42 -0000	1.150.2.4
+++ connection_or.c	23 Apr 2005 14:32:25 -0000	1.150.2.5
@@ -284,6 +284,7 @@
  * Return -1 if <b>conn</b> is broken, else return 0.
  */
 int connection_tls_continue_handshake(connection_t *conn) {
+  check_no_tls_errors();
   switch (tor_tls_handshake(conn->tls)) {
     case TOR_TLS_ERROR:
     case TOR_TLS_CLOSE:
@@ -346,6 +347,7 @@
   conn->state = OR_CONN_STATE_OPEN;
   connection_watch_events(conn, POLLIN);
   log_fn(LOG_DEBUG,"tls handshake done. verifying.");
+  check_no_tls_errors();
   if (! tor_tls_peer_has_cert(conn->tls)) { /* It's an old OP. */
     if (server_mode(options)) { /* I'm an OR; good. */
       conn->receiver_bucket = conn->bandwidth = DEFAULT_BANDWIDTH_OP;
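Review bot: The `check_no_tls_errors()` calls added to this function repeat one idiom by hand with no stated convention: here before `tor_tls_peer_has_cert`, and in the next three hunks before `tor_tls_get_peer_cert_nickname`, before `tor_tls_verify`, and after the `#endif`. A TLS call added to this certificate-checking path later will miss the check unless its author already knows the rule. Assuming the call reports pending errors rather than aborting, a leftover error would then be reported against the wrong step. I'd state the rule once at the first call, e.g. `/* Check before each tor_tls_* call so a leftover error is not blamed on the next one. */`, and consider having the tor_tls_* wrappers clear their own errors on failure so callers need not. The function's signature and end are outside these hunks.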
@@ -356,6 +358,7 @@
     }
   }
   /* Okay; the other side is an OR or a post-0.0.8 OP (with a cert). */
+  check_no_tls_errors();
   if (tor_tls_get_peer_cert_nickname(conn->tls, nickname, sizeof(nickname))) {
     log_fn(LOG_WARN,"Other side (%s:%d) has a cert without a valid nickname. Closing.",
            conn->address, conn->port);
@@ -364,6 +367,7 @@
   log_fn(LOG_DEBUG, "Other side (%s:%d) claims to be router '%s'",
          conn->address, conn->port, nickname);
 
+  check_no_tls_errors();
   if (tor_tls_verify(conn->tls, &identity_rcvd) < 0) {
     log_fn(LOG_WARN,"Other side, which claims to be router '%s' (%s:%d), has a cert but it's invalid. Closing.",
            nickname, conn->address, conn->port);
@@ -376,6 +380,7 @@
     return -1;
   }
 #endif
+  check_no_tls_errors();
   log_fn(LOG_DEBUG,"The router's cert is valid.");
   crypto_pk_get_digest(identity_rcvd, digest_rcvd);
 


