[tor-bugs] #7729 [Tor]: Reading pending TLS bytes can take us over at_most
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 14 18:27:06 UTC 2012
#7729: Reading pending TLS bytes can take us over at_most
-----------------------+----------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-relay | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by nickm):
Also, looking at this code, I see that connection_read_to_buf has exactly
one caller, which first calls it with -1 in *max_to_read, and then keeps
calling with *max_to_read unchanged from however connection_read_to_buf
left it.
With this in mind, the part of the code that does:
{{{
*max_to_read = at_most - n_read;
}}}
seems like it's probably going to be wrong. Maybe instead we should do
something like:
{{{
diff --git a/src/or/connection.c b/src/or/connection.c
index 223bbd9..5850e76 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -2866,9 +2866,10 @@ connection_read_to_buf(connection_t *conn, ssize_t
*max_to_read,
size_t slack_in_buf, more_to_read;
size_t n_read = 0, n_written = 0;
- if (at_most == -1) { /* we need to initialize it */
+ if (at_most < 0) { /* we need to initialize it */
/* how many bytes are we allowed to read? */
at_most = connection_bucket_read_limit(conn, approx_time());
+ *max_to_readd = at_most;
}
slack_in_buf = buf_slack(conn->inbuf);
@@ -2979,7 +2980,7 @@ connection_read_to_buf(connection_t *conn, ssize_t
*max_to_read,
if (n_read > 0) {
/* change *max_to_read */
- *max_to_read = at_most - n_read;
+ *max_to_read -= n_read;
/* Update edge_conn->n_read */
if (conn->type == CONN_TYPE_AP) {
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7729#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list