Make pending libevent actions cancelable

This avoids a dangling pointer issue in the 3412 code, and should
fix bug 4599.

1 files changed, 3 insertions, 10 deletions

diff --git a/src/common/tortls.c b/src/common/tortls.c
index b4d81de2f..a6947c87d 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1339,16 +1339,9 @@ tor_tls_got_client_hello(tor_tls_t *tls)
              tls->excess_renegotiations_callback) {
     /* We got more than one renegotiation requests. The Tor protocol
        needs just one renegotiation; more than that probably means
-       They are trying to DoS us and we have to stop them. We can't
-       close their connection from in here since it's an OpenSSL
-       callback, so we set a libevent timer that triggers in the next
-       event loop and closes the connection. */
-
-    if (tor_run_in_libevent_loop(tls->excess_renegotiations_callback,
-                                 tls->callback_arg) < 0) {
-      log_warn(LD_GENERAL, "Didn't manage to set a renegotiation "
-               "limiting callback.");
-    }
+       They are trying to DoS us and we have to stop them. */
+
+    tls->excess_renegotiations_callback(tls->callback_arg);
   }
 
   /* Now check the cipher list. */