tor

The Tor anonymity network

commit b5fddbd24144a94580e50886cd07a82968a1b86c
parent c18967d6c80f6a40acc78556490a4f40bc0e7003
Author: Nick Mathewson <nickm@torproject.org>
Date:   Thu, 23 Aug 2018 13:02:12 -0400

Avoid double-close on TCP sockets under NSS.

Diffstat:
Msrc/core/mainloop/connection.c | 25+++++++++++++++++--------
Msrc/lib/tls/tortls_openssl.c | 2+-
2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
@@ -449,6 +449,20 @@ connection_new(int type, int socket_family)
 }
 }
+static void
+connection_close_and_invalidate_socket(connection_t *conn)
+{
+ if (connection_speaks_cells(conn)) {
+ or_connection_t *or_conn = TO_OR_CONN(conn);
+ tor_tls_free(or_conn->tls);
+ or_conn->tls = NULL;
+ or_conn->base_.s = TOR_INVALID_SOCKET;
+ } else {
+ tor_close_socket(conn->s);
+ conn->s = TOR_INVALID_SOCKET;
+ }
+}
+
 /** Initializes conn. (you must call connection_add() to link it into the main
 * array).
 *
@@ -614,9 +628,8 @@ connection_free_minimal(connection_t *conn)
 tor_free(conn->address);
 if (connection_speaks_cells(conn)) {
+ connection_close_and_invalidate_socket(conn);
 or_connection_t *or_conn = TO_OR_CONN(conn);
- tor_tls_free(or_conn->tls);
- or_conn->tls = NULL;
 or_handshake_state_free(or_conn->handshake_state);
 or_conn->handshake_state = NULL;
 tor_free(or_conn->nickname);
@@ -692,9 +705,7 @@ connection_free_minimal(connection_t *conn)
 }
 if (SOCKET_OK(conn->s)) {
- log_debug(LD_NET,"closing fd %d.",(int)conn->s);
- tor_close_socket(conn->s);
- conn->s = TOR_INVALID_SOCKET;
+ connection_close_and_invalidate_socket(conn);
 }
 if (conn->type == CONN_TYPE_OR &&
@@ -820,9 +831,7 @@ connection_close_immediate(connection_t *conn)
 conn->read_blocked_on_bw = 0;
 conn->write_blocked_on_bw = 0;
- if (SOCKET_OK(conn->s))
- tor_close_socket(conn->s);
- conn->s = TOR_INVALID_SOCKET;
+ connection_close_and_invalidate_socket(conn);
 if (conn->linked)
 conn->linked_conn_is_closed = 1;
 if (conn->outbuf)
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
@@ -1039,7 +1039,7 @@ tor_tls_new(int sock, int isServer)
 goto err;
 }
 result->socket = sock;
- bio = BIO_new_socket(sock, BIO_NOCLOSE);
+ bio = BIO_new_socket(sock, 0);
 if (! bio) {
 tls_log_errors(NULL, LOG_WARN, LD_NET, "opening BIO");
 #ifdef SSL_set_tlsext_host_name
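Review bot: In the OR branch of the new `connection_close_and_invalidate_socket()` the descriptor is set to `TOR_INVALID_SOCKET` without any `tor_close_socket()` call, so closing it depends entirely on `tor_tls_free()`. If `or_conn->tls` can still be NULL while `conn->s` is open (for instance before a TLS object has been attached; not visible in this hunk), the fd would be forgotten rather than closed. A fallback such as `if (!or_conn->tls && SOCKET_OK(conn->s)) tor_close_socket(conn->s);` before the invalidation would cover that case. The helper also has no doc comment; one along the lines of `/** Close conn's socket exactly once: on OR connections the TLS object owns the fd, otherwise we close it here. */` would record the ownership rule this fix relies on, since a second close can hit an unrelated descriptor that reused the number.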
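Review bot: The `SOCKET_OK(conn->s)` guard is dropped in the `connection_close_immediate()` hunk at -820, so the helper's non-OR branch now calls `tor_close_socket(conn->s)` even when the descriptor is already invalid. The context lines right after the call handle `conn->linked`, which suggests connections without a real socket reach this point. Keeping the check inside the helper's else branch, `if (SOCKET_OK(conn->s)) tor_close_socket(conn->s);`, would preserve the old behaviour for every caller. The same hunk group also drops the `log_debug(LD_NET,"closing fd %d.",...)` line from `connection_free_minimal()`; moving it into the helper would keep that trace for descriptor-lifetime debugging. Both function bodies start and end outside their hunks.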
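Review bot: In `tor_tls_new()` the named constant `BIO_NOCLOSE` is replaced by a bare `0`, which in OpenSSL's `bio.h` is the same value, so this line appears to change readability only and not who closes the socket. If the intent is for the TLS object to own the descriptor, so that the `tor_tls_free()` call in connection.c's new helper actually closes it, the flag would need to be `BIO_CLOSE`; as written, the OpenSSL build seems to rely on some other close path that is not visible here. Either keep the symbolic name or add a comment such as `/* 0 == BIO_NOCLOSE: the fd is closed by <owner>, not by the BIO */` naming the real owner. The function body continues outside the hunk.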