Commit 8e7bd963 authored by Nick Mathewson

Fix a check, make a netflow padding function more safe.

Previously, `channelpadding_get_netflow_inactive_timeout_ms` would
crash with an assertion failure if `low_timeout` was greater than
`high_timeout`. That wasn't possible in practice because of checks
in `channelpadding_update_padding_for_channel`, but it's better not
to have a function whose correctness is this tricky to prove.

Fixes #40645.  Bugfix on 0.3.1.1-alpha.
parent 8d8afc4e
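To make the failure mode in the commit message concrete, here is an added example that is not Tor's code. It uses a hypothetical random-range helper `rand_in_range` that, like such helpers commonly do, asserts `lo < hi`, and puts the old `==` short-circuit beside the new `>=` one. The names `timeout_ms_before`, `timeout_ms_after` and `check_timeout_bounds` are assumptions for illustration, not functions from the Tor tree.

```c
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for a "random integer in [lo, hi)" helper.
 * It asserts lo < hi, so an inverted or empty range is a crash,
 * not a bad value. */
static uint32_t rand_in_range(uint32_t lo, uint32_t hi)
{
  assert(lo < hi);
  return lo + (uint32_t)(rand() % (hi - lo));
}

/* "Before" shape: only the equal case is short-circuited, so an
 * inverted pair (low > high) reaches the helper and trips its
 * assertion. Kept here to show the gap; do not call it with low > high. */
static uint32_t timeout_ms_before(uint32_t low, uint32_t high)
{
  if (low == high)
    return low;               /* No randomization */
  return rand_in_range(low, high);
}

/* "After" shape: any pair that is not strictly low < high returns low
 * without consulting the random helper, so the helper's assertion is
 * unreachable no matter how the bounds were produced. */
static uint32_t timeout_ms_after(uint32_t low, uint32_t high)
{
  if (low >= high)
    return low;               /* No randomization; also covers inverted range */
  return rand_in_range(low, high);
}

/* Property the caller cares about: for a valid range the result lies in
 * [low, high); otherwise it equals low. Returns 1 when every trial
 * satisfies that, 0 on the first violation. */
static int check_timeout_bounds(uint32_t low, uint32_t high, int trials)
{
  for (int i = 0; i < trials; i++) {
    uint32_t t = timeout_ms_after(low, high);
    if (low < high) {
      if (t < low || t >= high)
        return 0;
    } else if (t != low) {
      return 0;
    }
  }
  return 1;
}

int main(void)
{
  /* Constructed inputs: a normal range, a degenerate one, an inverted one. */
  assert(check_timeout_bounds(1500, 9500, 1000));
  assert(check_timeout_bounds(5000, 5000, 10));
  assert(check_timeout_bounds(9500, 1500, 10));   /* would abort in the "before" shape */
  (void)timeout_ms_before(4000, 4000);            /* only the safe, equal case */
  return 0;
}
```

The point of the `>=` form is that correctness no longer depends on every caller ordering the bounds; the function is safe on its own, which is what "defense in depth" in the changelog entry means.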

changes/bug40645

0 → 100644
+5 −0
  o Minor bugfixes (defense in depth):
    - Change a test in the netflow padding code to make it more
      _obviously_ safe against remotely triggered crashes.
      (It was safe against these before, but not obviously so.)
      Fixes bug 40645; bugfix on 0.3.1.1-alpha.
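Review bot: "Change a test in the netflow padding code" reads as a unit test, but the change is to a conditional inside `channelpadding_get_netflow_inactive_timeout_ms`; "Change a check" (or "a comparison") would be clearer, and naming the function in the entry would help anyone grepping the changelog for the affected code path.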
+1 −1
@@ -186,7 +186,7 @@ channelpadding_get_netflow_inactive_timeout_ms(const channel_t *chan)
    high_timeout = MAX(high_timeout, chan->padding_timeout_high_ms);
  }

  if (low_timeout == high_timeout)
  if (low_timeout >= high_timeout)
    return low_timeout; // No randomization

  /*
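Review bot: with `>=`, the inverted case (`low_timeout > high_timeout`) now returns `low_timeout`, the larger of the two, and the `// No randomization` comment on the `return` line no longer explains the whole condition; consider extending it, e.g. `return low_timeout; // No randomization; also covers an inverted range, which callers should not produce`, so the defensive intent is visible to the next reader. If the inverted case is meant to be unreachable from `channelpadding_update_padding_for_channel`, a non-fatal assertion such as `tor_assert_nonfatal(low_timeout <= high_timeout);` placed before the `if` would surface a violated invariant in the logs without reintroducing a remotely triggerable crash.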