commit 2985a6018f1123b8843023f09d004f477f59a009
parent 19954cffd7710ccac778aa5cf15ae1bc6a5d56fa
Author: Nick Mathewson <nickm@torproject.org>
Date: Wed, 29 Jan 2020 08:49:01 -0500
buf_read_from_tls: Return ERROR_MISC, not WANTWRITE, on BUG().
Fixes bug 32673; bugfix on 0.3.0.4-alpha. We introduced these
checks in ee5471f9aab5526 to help diagnose 21369, but we used "-1"
when "TOR_TLS_ERROR_MISC" would have been correct. Found by opara.
I don't think that this is actually getting triggered in the wild,
but if it were, it could cause nasty behavior: spurious
WANTREAD/WANTWRITE returns have a way of turning into CPU-eating
busy-loops.
Diffstat:
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/changes/bug32673 b/changes/bug32673
@@ -0,0 +1,5 @@
+ o Minor bugfixes (TLS bug handling):
+ - When encountering a bug in buf_read_freom_tls(), return a
+ "MISC" error code rather than "WANTWRITE". This change might
+ help avoid some CPU-wasting loops if the bug is ever triggered.
+ Bug reported by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha.
diff --git a/src/lib/tls/buffers_tls.c b/src/lib/tls/buffers_tls.c
@@ -69,9 +69,9 @@ buf_read_from_tls(buf_t *buf, tor_tls_t *tls, size_t at_most)
check_no_tls_errors();
IF_BUG_ONCE(buf->datalen >= INT_MAX)
- return -1;
+ return TOR_TLS_ERROR_MISC;
IF_BUG_ONCE(buf->datalen >= INT_MAX - at_most)
- return -1;
+ return TOR_TLS_ERROR_MISC;
while (at_most > total_read) {
size_t readlen = at_most - total_read;
