[tor-bugs] #29168 [Core Tor/Tor]: Fix TROVE-2019-001 (KIST can write above outbuf highwater mark) (was: Fix TROVE-2019-001)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 21 15:25:52 UTC 2019
#29168: Fix TROVE-2019-001 (KIST can write above outbuf highwater mark)
-------------------------------------------------+-------------------------
Reporter: nickm | Owner: dgoulet
Type: defect | Status: closed
Priority: Very High | Milestone: Tor:
| 0.4.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution: fixed
Keywords: security, trove, regression, | Actual Points:
040-must |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by nickm):
* status: needs_review => closed
* resolution: => fixed
Old description:
New description:
From the fix in be84ed1a64ed7ce810bd3924fa96c2588b491ef5:
{{{
KIST works by computing how much should be allowed to write to the
kernel for
a given socket, and then it writes that amount to the outbuf.
The problem is that it could be possible that the outbuf already has
lots of
data in it from a previous scheduling round (because the kernel is
full/busy
and Tor was not able to flush the outbuf yet). KIST ignores that the
outbuf
has been filling (is above its "highwater") and writes more anyway.
The end
result is that the outbuf length would exceed INT_MAX, hence causing
an
assertion error and a corresponding "Bug()" message to get printed to
the
logs.
This commit makes it for KIST to take into account the outbuf length
when
computing the available space.
}}}
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29168#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list