commit 2985a6018f1123b8843023f09d004f477f59a009 Author: Nick Mathewson nickm@torproject.org Date: Wed Jan 29 08:49:01 2020 -0500
buf_read_from_tls: Return ERROR_MISC, not WANTWRITE, on BUG().
Fixes bug 32673; bugfix on 0.3.0.4-alpha. We introduced these checks in ee5471f9aab5526 to help diagnose 21369, but we used "-1" when "TOR_TLS_ERROR_MISC" would have been correct. Found by opara.
I don't think that this is actually getting triggered in the wild, but if it were, it could cause nasty behavior: spurious WANTREAD/WANTWRITE returns have a way of turning into CPU-eating busy-loops. --- changes/bug32673 | 5 +++++ src/lib/tls/buffers_tls.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/changes/bug32673 b/changes/bug32673 new file mode 100644 index 000000000..32f02c639 --- /dev/null +++ b/changes/bug32673 @@ -0,0 +1,5 @@ + o Minor bugfixes (TLS bug handling): + - When encountering a bug in buf_read_freom_tls(), return a + "MISC" error code rather than "WANTWRITE". This change might + help avoid some CPU-wasting loops if the bug is ever triggered. + Bug reported by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha. diff --git a/src/lib/tls/buffers_tls.c b/src/lib/tls/buffers_tls.c index e92cb9163..52be78811 100644 --- a/src/lib/tls/buffers_tls.c +++ b/src/lib/tls/buffers_tls.c @@ -69,9 +69,9 @@ buf_read_from_tls(buf_t *buf, tor_tls_t *tls, size_t at_most) check_no_tls_errors();
IF_BUG_ONCE(buf->datalen >= INT_MAX) - return -1; + return TOR_TLS_ERROR_MISC; IF_BUG_ONCE(buf->datalen >= INT_MAX - at_most) - return -1; + return TOR_TLS_ERROR_MISC;
while (at_most > total_read) { size_t readlen = at_most - total_read;