tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git

commit 8e7bd9636260af3e31997e2ad5ec071c4e7a0153
parent 8d8afc4efa538682ef2b80f6664456b34b84e519
Author: Nick Mathewson <nickm@torproject.org>
Date:   Wed, 27 Jul 2022 09:16:50 -0400

Fix a check, make a netflow padding function more safe.

Previously, `channelpadding_get_netflow_inactive_timeout_ms` would
crash with an assertion failure if `low_timeout` was greater than
`high_timeout`. That wasn't possible in practice because of checks
in `channelpadding_update_padding_for_channel`, but it's better not
to have a function whose correctness is this tricky to prove.

Fixes #40645.  Bugfix on 0.3.1.1-alpha.

Diffstat:
A changes/bug40645 | 5 +++++
M src/core/or/channelpadding.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/changes/bug40645 b/changes/bug40645 @@ -0,0 +1,5 @@ + o Minor bugfixes (defense in depth): + - Change a test in the netflow padding code to make it more + _obviously_ safe against remotely triggered crashes. + (It was safe against these before, but not obviously so.) + Fixes bug 40645; bugfix on 0.3.1.1-alpha. diff --git a/src/core/or/channelpadding.c b/src/core/or/channelpadding.c @@ -186,7 +186,7 @@ channelpadding_get_netflow_inactive_timeout_ms(const channel_t *chan) high_timeout = MAX(high_timeout, chan->padding_timeout_high_ms); } - if (low_timeout == high_timeout) + if (low_timeout >= high_timeout) return low_timeout; // No randomization /*
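
Review bot: in the changes/bug40645 entry, "Change a test in the netflow padding code" can be read as a unit test being modified, while the edit is to a runtime comparison in channelpadding.c. "Change a check" would match the commit subject ("Fix a check") and remove the ambiguity for anyone reading the changelog.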
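
Review bot: the `if (low_timeout >= high_timeout)` branch in channelpadding_get_netflow_inactive_timeout_ms now also absorbs the inverted case, but its comment still reads only "// No randomization" and nothing in this commit exercises it. Suggest extending the comment to say that low_timeout > high_timeout is tolerated here on purpose and that the function then returns low_timeout (the larger of the two values), so a later cleanup does not turn `>=` back into `==`. The diffstat shows only the changes file and this one-line edit, so a unit test that calls the function with low_timeout greater than high_timeout and checks that it returns without asserting would keep the defense-in-depth property from regressing.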