commit 7654e12be8d8179505add9a7fe381899f73e1aaf
parent e98995bb0899c3af7d8fcd2da9a753a58ad5ec66
Author: David Goulet <dgoulet@torproject.org>
Date: Wed, 27 Jul 2022 11:33:19 -0400
Merge branch 'maint-0.4.6' into maint-0.4.7
Diffstat:
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/changes/bug40645 b/changes/bug40645
@@ -0,0 +1,5 @@
+ o Minor bugfixes (defense in depth):
+ - Change a test in the netflow padding code to make it more
+ _obviously_ safe against remotely triggered crashes.
+ (It was safe against these before, but not obviously so.)
+ Fixes bug 40645; bugfix on 0.3.1.1-alpha.
diff --git a/src/core/or/channelpadding.c b/src/core/or/channelpadding.c
@@ -186,7 +186,7 @@ channelpadding_get_netflow_inactive_timeout_ms(const channel_t *chan)
high_timeout = MAX(high_timeout, chan->padding_timeout_high_ms);
}
- if (low_timeout == high_timeout)
+ if (low_timeout >= high_timeout)
return low_timeout; // No randomization
/*
diff --git a/src/core/or/command.c b/src/core/or/command.c
@@ -668,7 +668,7 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan)
* DESTROY cell down the circuit so relays can stop queuing in-flight
* cells for this circuit which helps with memory pressure. */
log_debug(LD_OR, "Received DESTROY cell from n_chan, closing circuit.");
- circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
+ circuit_mark_for_close(circ, reason | END_CIRC_REASON_FLAG_REMOTE);
}
}
}
