[tor-commits] [tor/master] Detect out-of-bounds bwweightscale values early in the voting process

nickm at torproject.org nickm at torproject.org
Thu May 10 19:47:56 UTC 2012 

commit d9ba9f91d25210f10f740d243899dbe99f8acb60
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon May 7 12:44:34 2012 -0400

    Detect out-of-bounds bwweightscale values early in the voting process
    
    If the authorities agreed on a sufficiently bad bwweightscale value
    (<=0 or == INT32_MAX), the bandwidth algorithm could make the voters
    assert while computing the consensus.
    
    Fix for bug5786; bugfix on 0.2.2.17-alpha
---
 changes/bug5786_nocrash |    7 +++++++
 src/or/dirvote.c        |    6 +++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/changes/bug5786_nocrash b/changes/bug5786_nocrash
new file mode 100644
index 0000000..ec6c5d8
--- /dev/null
+++ b/changes/bug5786_nocrash
@@ -0,0 +1,7 @@
+  o Major bugfixes (directory authorties):
+    - When computing weight parameters, behave more robustly in the
+      presence of a bad bwweightscale value.  Previously, the
+      authorities would crash if they agreed on a sufficiently browken
+      weight_scale value: now, they use a reasonable default and carry
+      on. Partial fix for 5786; bugfix on 0.2.2.17-alpha.
+
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 4848917..20dc8c2 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -1005,7 +1005,7 @@ networkstatus_compute_bw_weights_v10(smartlist_t *chunks, int64_t G,
   /* We cast down the weights to 32 bit ints on the assumption that
    * weight_scale is ~= 10000. We need to ensure a rogue authority
    * doesn't break this assumption to rig our weights */
-  tor_assert(0 < weight_scale && weight_scale < INT32_MAX);
+  tor_assert(0 < weight_scale && weight_scale <= INT32_MAX);
 
   /*
    * Provide Wgm=Wgg, Wmm=1, Wem=Wee, Weg=Wed. May later determine
@@ -1233,7 +1233,7 @@ networkstatus_compute_bw_weights_v9(smartlist_t *chunks, int64_t G, int64_t M,
   /* We cast down the weights to 32 bit ints on the assumption that
    * weight_scale is ~= 10000. We need to ensure a rogue authority
    * doesn't break this assumption to rig our weights */
-  tor_assert(0 < weight_scale && weight_scale < INT32_MAX);
+  tor_assert(0 < weight_scale && weight_scale <= INT32_MAX);
 
   if (Wgg < 0 || Wgg > weight_scale) {
     log_warn(LD_DIR, "Bw %s: Wgg="I64_FORMAT"! G="I64_FORMAT
@@ -2019,7 +2019,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
       int ok=0;
       char *eq = strchr(bw_weight_param, '=');
       if (eq) {
-        weight_scale = tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok,
+        weight_scale = tor_parse_long(eq+1, 10, 1, INT32_MAX, &ok,
                                          NULL);
         if (!ok) {
           log_warn(LD_DIR, "Bad element '%s' in bw weight param",

More information about the tor-commits mailing list