Commit 719940df authored by Nick Mathewson

Fix a nigh-impossible overflow in cpuworker.c

When we compute the estimated microseconds we need to handle our
pending onionskins, we could (in principle) overflow a uint32_t if
we ever had 4 million pending onionskins before we had any data
about how long onionskins take.  Nevertheless, let's compute it properly.

Fixes bug 8210; bugfix on 0.2.4.10. Found by coverity; this is CID
980651.
parent 9b2bb901

changes/bug8210

0 → 100644
+6 −0
  o Minor bugfixes:
    - Fix an impossible-to-trigger integer overflow when
      estimating how long out onionskin queue would take.  (This overflow
      would require us to accept 4 million onionskins before processing
      100 of them.) Fixes bug 8210; bugfix on 0.2.4.10-alpha.
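Review bot: the second line of this changes entry has a typo, "how long out onionskin queue would take", which should read "our onionskin queue". The entry also calls the overflow "impossible-to-trigger" while the commit message says "nigh-impossible" and "in principle"; since the entry itself states the triggering condition (4 million onionskins accepted before 100 are processed), wording such as "nearly impossible to trigger" would agree with both.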
       
+2 −2
@@ -222,10 +222,10 @@ uint64_t
estimated_usec_for_onionskins(uint32_t n_requests, uint16_t onionskin_type)
{
  if (onionskin_type > MAX_ONION_HANDSHAKE_TYPE) /* should be impossible */
    return 1000 * n_requests;
    return 1000 * (uint64_t)n_requests;
  if (PREDICT_UNLIKELY(onionskins_n_processed[onionskin_type] < 100)) {
    /* Until we have 100 data points, just asssume everything takes 1 msec. */
    return 1000 * n_requests;
    return 1000 * (uint64_t)n_requests;
  } else {
    /* This can't overflow: we'll never have more than 500000 onionskins
     * measured in onionskin_usec_internal, and they won't take anything near
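Review bot: the two fallback returns in this hunk (the `onionskin_type > MAX_ONION_HANDSHAKE_TYPE` branch and the fewer-than-100-data-points branch) now repeat the same expression, `1000 * (uint64_t)n_requests`, and the 64-bit widening depends on the cast being kept at each site. Consider folding the two conditions into a single fallback path, or giving the 1 msec default a named 64-bit constant, so that a later edit to one of them cannot quietly bring back a 32-bit multiply. The context comment above the second return spells "asssume" with three s's and could be fixed in the same change. The else branch's "This can't overflow" comment rests on the 500000-measurement bound it cites; the arithmetic it refers to is cut off in the visible lines, so that claim cannot be checked from here.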