[tor-commits] [tor/master] Fix a deref-before-null-check complaint

nickm at torproject.org nickm at torproject.org
Wed Aug 31 14:33:10 UTC 2016


commit c15b99e6e99fef6130dd6c53609a664efd82ef50
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Aug 31 10:32:10 2016 -0400

    Fix a deref-before-null-check complaint
    
    Found by coverity scan; this is CID 1372329.
    
    Also, reindent some oddly indented code.
---
 src/or/circuitbuild.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 2e7ea2f..aa2b0b2 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -855,7 +855,12 @@ circuit_pick_extend_handshake(uint8_t *cell_type_out,
   /* XXXX030 Remove support for deciding to use TAP. */
 
   /* It is an error to extend if there is no previous node. */
-  tor_assert_nonfatal(node_prev);
+  if (BUG(node_prev == NULL)) {
+    *cell_type_out = RELAY_COMMAND_EXTEND;
+    *create_cell_type_out = CELL_CREATE;
+    return;
+  }
+
   /* It is an error for a node with a known version to be so old it does not
    * support ntor. */
   tor_assert_nonfatal(routerstatus_version_supports_ntor(node_prev->rs, 1));
@@ -863,16 +868,15 @@ circuit_pick_extend_handshake(uint8_t *cell_type_out,
   /* Assume relays without tor versions or routerstatuses support ntor.
    * The authorities enforce ntor support, and assuming and failing is better
    * than allowing a malicious node to perform a protocol downgrade to TAP. */
-  if (node_prev &&
-      *handshake_type_out != ONION_HANDSHAKE_TYPE_TAP &&
+  if (*handshake_type_out != ONION_HANDSHAKE_TYPE_TAP &&
       (node_has_curve25519_onion_key(node_prev) ||
        (routerstatus_version_supports_ntor(node_prev->rs, 1)))) {
-        *cell_type_out = RELAY_COMMAND_EXTEND2;
-        *create_cell_type_out = CELL_CREATE2;
-      } else {
-        *cell_type_out = RELAY_COMMAND_EXTEND;
-        *create_cell_type_out = CELL_CREATE;
-      }
+    *cell_type_out = RELAY_COMMAND_EXTEND2;
+    *create_cell_type_out = CELL_CREATE2;
+  } else {
+    *cell_type_out = RELAY_COMMAND_EXTEND;
+    *create_cell_type_out = CELL_CREATE;
+  }
 }
 
 /** This is the backbone function for building circuits.



More information about the tor-commits mailing list