fix race condition that can cause crashes at client or exit relay

Avoid crashing if the client is trying to upload many bytes and the
circuit gets torn down at the same time, or if the flip side
happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.

ChangeLog

@@ -4,6 +4,9 @@ Changes in Version 0.2.1.21 - 20??-??-??
       handshake from working unless we explicitly tell OpenSSL that we are
       using SSL renegotiation safely.  We are, of course, but OpenSSL
       0.9.8l won't work unless we say we are.
+    - Avoid crashing if the client is trying to upload many bytes and the
+      circuit gets torn down at the same time, or if the flip side
+      happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.
 
   o Minor bugfixes:
     - Do not refuse to learn about authority certs and v2 networkstatus

src/or/circuitlist.c

@@ -1097,6 +1097,7 @@ _circuit_mark_for_close(circuit_t *circ, int reason, int line,
     edge_connection_t *conn;
     for (conn=or_circ->n_streams; conn; conn=conn->next_stream)
       connection_edge_destroy(or_circ->p_circ_id, conn);
+    or_circ->n_streams = NULL;
 
     while (or_circ->resolving_streams) {
       conn = or_circ->resolving_streams;
@@ -1120,6 +1121,7 @@ _circuit_mark_for_close(circuit_t *circ, int reason, int line,
     edge_connection_t *conn;
     for (conn=ocirc->p_streams; conn; conn=conn->next_stream)
       connection_edge_destroy(circ->n_circ_id, conn);
+    ocirc->p_streams = NULL;
   }
 
   circ->marked_for_close = line;