From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 12 Aug 2014 16:15:09 +0000 (-0400)
Subject: Fix another case of 12848 in circuit_handle_first_hop
X-Git-Tag: tor-0.2.5.7-rc~19^2~2^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0044d74b3c51cf5824435e76eca2a675b51a14bc;p=thirdparty%2Ftor.git

Fix another case of 12848 in circuit_handle_first_hop

I looked for other places where we set circ->n_chan early, and found
one in circuit_handle_first_hop() right before it calls
circuit_send_next_onion_skin(). If onion_skin_create() fails there,
then n_chan will still be set when circuit_send_next_onion_skin()
returns. We should probably fix that too.
---

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 11f8250934..5325eff64a 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -475,6 +475,7 @@ circuit_handle_first_hop(origin_circuit_t *circ)
     log_debug(LD_CIRC,"Conn open. Delivering first onion skin.");
     if ((err_reason = circuit_send_next_onion_skin(circ)) < 0) {
       log_info(LD_CIRC,"circuit_send_next_onion_skin failed.");
+      circ->base_.n_chan = NULL;
       return err_reason;
     }
   }