Fix integer overflow in the rate-limiter (#19435).

77459b97 · Ivan Markin · Nick Mathewson · 264fb7eb · 77459b97 · 77459b97
Commit 77459b97 authored 8 years ago by Ivan Markin Committed by Nick Mathewson 8 years ago
--- a/changes/bug19435
+++ b/changes/bug19435
+  o Major bugfixes (user interface):
+    - Fix an integer overflow in the rate-limiter that caused displaying of
+      wrong number of suppressed messages (if there are too many of them).
+      If the number of messages hits the limit of messages per interval the
+      rate-limiter drops a warning and doesn't count any further.
+      Fixes bug 19435.
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1983,7 +1983,9 @@ update_approx_time(time_t now)

 /** If the rate-limiter <b>lim</b> is ready at <b>now</b>, return the number
 * of calls to rate_limit_is_ready (including this one!) since the last time
- * rate_limit_is_ready returned nonzero.  Otherwise return 0. */
+ * rate_limit_is_ready returned nonzero.  Otherwise return 0.
+ * If the call number hits <b>RATELIM_TOOMANY</b> limit, drop a warning
+ * about this event and stop counting. */
 static int
 rate_limit_is_ready(ratelim_t *lim, time_t now)
 {
@@ -1993,7 +1995,15 @@ rate_limit_is_ready(ratelim_t *lim, time_t now)
    lim->n_calls_since_last_time = 0;
    return res;
  } else {
-    ++lim->n_calls_since_last_time;
+    if (lim->n_calls_since_last_time < RATELIM_TOOMANY) {
+      ++lim->n_calls_since_last_time;
+    } else if (lim->n_calls_since_last_time == RATELIM_TOOMANY) {
+      log_warn(LD_GENERAL,
+        "Enormously large number of messages (%d). It's probably a bug.",
+        RATELIM_TOOMANY);
+      ++lim->n_calls_since_last_time;
+    }
+
    return 0;
  }
 }

--- a/src/common/util.h
+++ b/src/common/util.h
@@ -292,6 +292,7 @@ typedef struct ratelim_t {
 } ratelim_t;

 #define RATELIM_INIT(r) { (r), 0, 0 }
+#define RATELIM_TOOMANY (16*1000)

 char *rate_limit_log(ratelim_t *lim, time_t now);