commit 00a93b19cf0db9c0f47a48d55c658058f976ab93 parent df3484b2b01835c075b57c30b2ea3ac260ee157c Author: Nick Mathewson <nickm@torproject.org> Date: Thu, 21 Feb 2019 10:08:14 -0500 Merge branch 'maint-0.3.5' into maint-0.4.0 Diffstat:
| A | changes/ticket29168 | | | 5 | +++++ |
| M | src/core/or/scheduler_kist.c | | | 2 | +- |
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/changes/ticket29168 b/changes/ticket29168
@@ -0,0 +1,5 @@
+ o Major bugfixes (cell scheduler, KIST):
+ - Make KIST to always take into account the outbuf length when computing
+ what we can actually put in the outbuf. This could lead to the outbuf
+ being filled up and thus a possible memory DoS vector. TROVE-2019-001.
+ Fixes bug 29168; bugfix on 0.3.2.1-alpha.
diff --git a/src/core/or/scheduler_kist.c b/src/core/or/scheduler_kist.c
@@ -286,7 +286,7 @@ update_socket_info_impl, (socket_table_ent_t *ent))
 extra_space =
 clamp_double_to_int64(
 (ent->cwnd * (int64_t)ent->mss) * sock_buf_size_factor) -
- ent->notsent;
+ ent->notsent - (int64_t)channel_outbuf_length((channel_t *) ent->chan);
 if ((tcp_space + extra_space) < 0) {
 /* This means that the "notsent" queue is just too big so we shouldn't put
 * more in the kernel for now. */
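Review bot: The added `- (int64_t)channel_outbuf_length((channel_t *) ent->chan)` term is the entire fix for the memory DoS described in changes/ticket29168, yet nothing visible in the hunk says why it is there, so a later cleanup of this expression could drop it silently. A comment above the statement such as `/* Also count bytes already queued in the channel outbuf, or the outbuf can grow without bound (TROVE-2019-001). */` would pin the intent. The diffstat lists only the changes file and scheduler_kist.c, so no regression test accompanies the fix; a unit test checking that `extra_space` drops as the outbuf fills would guard it. The `(channel_t *)` cast presumably strips a const qualifier from `ent->chan`; if so, a const-taking accessor would be cleaner than casting at the call site. The body of update_socket_info_impl starts and ends outside the hunk.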