[tor-bugs] #33131 [Core Tor/Tor]: Bug: buf->datalen >= 0x7fffffff
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 18 15:04:05 UTC 2020
#33131: Bug: buf->datalen >= 0x7fffffff
--------------------------+------------------------------------
Reporter: cypherpunks | Owner: (none)
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.4.4.x-final
Component: Core Tor/Tor | Version: Tor: 0.4.2.5
Severity: Minor | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: nickm | Sponsor:
--------------------------+------------------------------------
Comment (by nickm):
Replying to [comment:9 cypherpunks]:
> Redid the branch a bit. Not sure how to test it.
>
> Replying to [comment:8 nickm]:
>
> Yeah, the logging shouldn't be in the final version. It would just help
to confirm which number is the one that's extremely high: at_most, or
buf->datalen.
One possibility if you want to keep the logging is to use log_ratelim(),
to prevent it from writing the message too often.
> Logging would definitely be too loud, considering #31036 and #32022.
>
> (Historical note, this
[https://gitweb.torproject.org/tor.git/commit/?id=ee5471f9aab55269c8c480f1f90dfeb08803ac15
particular check] was added in #21369.)
>
> So the high burst value, which becomes `at_most` later, is set in
`connection_or_update_token_buckets_helper`. Doesn't it comes from the
`BandwidthBurst` option, not `BandwidthRate`?
Ultimately, yes, though I think there are other things that influence it.
> As long as we add this sanity check, is there a problem with keeping
this behavior of using that high value from the user's configuration?
`at_most` serves as an upper bound on what can be read from the socket in
one go, so it has to be limited by something like `BUF_MAX_LEN`, but the
burst limit in the token bucket doesn't have to be limited by that. The
burst limit persists across multiple calls to `connection_handle_read()`
(and any draining of `inbuf` in between calls).
Hm. I guess this might not be a problem, though I'd be surprised if the
code as it stands actually could deliver such a high burst.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33131#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list