tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git

commit 5ba91be6e9073578fedf6897949d84d27e1a530a
parent 46161b194f7a0ca7a2c83c36d1eb01f8110d80a1
Author: David Goulet <dgoulet@torproject.org>
Date:   Mon, 15 Sep 2025 11:05:56 -0400

circ: Free conflux pending nonce if nonce is untracked

This can happen if we lose track of the nonce and a circuit with it is
repurposed.

Without this, it would lead to a non fatal assert on a control port circuit
event of purpose change.

Related to #41037

Signed-off-by: David Goulet <dgoulet@torproject.org>

Diffstat:
M changes/ticket41037 | 3 +++
M src/core/or/conflux_pool.c | 5 +++++
2 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/changes/ticket41037 b/changes/ticket41037 @@ -1,3 +1,6 @@ o Minor bugfix (conflux): - Avoid a non fatal assert when describing a conflux circuit on the control port after being prepped to be freed. Fixes bug 41037; bugfix on 0.4.8.15. + - Remove the pending nonce if we realize that the nonce of the unlinked + circuit is not tracked anymore. Should avoid the non fatal assert + triggered with a control port circuit event. diff --git a/src/core/or/conflux_pool.c b/src/core/or/conflux_pool.c @@ -1460,6 +1460,11 @@ unlinked_circuit_closed(circuit_t *circ) /* This circuit is part of set that has already been removed previously freed * by another leg closing. */ if (!unlinked) { + /* This circuit is not Conflux related anymore regardless of its purpose so + * remove the pending nonce so after this function, the circuit is not + * considered conflux with CIRCUIT_IS_CONFLUX(). */ + tor_free(circ->conflux_pending_nonce); + circ->conflux_pending_nonce = NULL; return; }
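Review bot: In changes/ticket41037, the added bullet ends at "triggered with a control port circuit event." and carries no "Fixes bug ...; bugfix on ..." trailer, while the entry above it ends with "Fixes bug 41037; bugfix on 0.4.8.15." The commit message says "Related to #41037", so either merge the new sentence into the existing entry ahead of its trailer, or give the new bullet its own ticket reference so a reader of the changelog can tie it to the same bug.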
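Review bot: In src/core/or/conflux_pool.c, the `if (!unlinked)` branch of unlinked_circuit_closed() used to be a plain early return and now mutates `circ`, but the diffstat lists only the changes file and conflux_pool.c, so nothing exercises this path. A unit test that closes a circuit whose pending nonce is no longer tracked and then checks that CIRCUIT_IS_CONFLUX() is false would pin down the behaviour the new comment promises. Two smaller points on the same lines: Tor's tor_free() macro already sets its argument to NULL, so the following `circ->conflux_pending_nonce = NULL;` is redundant and can be dropped; and the comment's "so remove the pending nonce so after this function" reads more clearly as two sentences, for example "Remove the pending nonce. After this function, the circuit is no longer considered conflux by CIRCUIT_IS_CONFLUX()."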