[tor-commits] [tor/release-0.3.1] dos: Add extra safety asserts in cc_stats_refill_bucket()

nickm at torproject.org
Fri Feb 16 14:56:21 UTC 2018


commit 305e39d0f8bcc39d45c2877495046bd927347106
Author: David Goulet <dgoulet at torproject.org>
Date:   Tue Feb 13 10:41:21 2018 -0500

    dos: Add extra safety asserts in cc_stats_refill_bucket()
    
    Never allow the function to set a bucket value above the allowed circuit
    burst.
    
    Closes #25202
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 changes/ticket25202 |  4 ++++
 src/or/dos.c        | 10 ++++++++++
 2 files changed, 14 insertions(+)

diff --git a/changes/ticket25202 b/changes/ticket25202
new file mode 100644
index 000000000..5edef44f0
--- /dev/null
+++ b/changes/ticket25202
@@ -0,0 +1,4 @@
+  o Minor bugfixes (DoS mitigation):
+    - Add extra safety checks when refilling the circuit creation bucket to
+      ensure we never set a value that is above the allowed burst. Fixes
+      ticket 25202.
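Review bot: The entry is filed under "Minor bugfixes" but does not say which release the bug was introduced in, which a bugfix entry normally carries so the changelog can tell readers whether their version is affected; consider ending the entry with the usual "bugfix on <version>" phrasing, or moving it to a non-bugfix category if the new checks are considered hardening rather than a fix for misbehaviour seen in a released version.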
diff --git a/src/or/dos.c b/src/or/dos.c
index 9e8a7a9ab..e7f3241ef 100644
--- a/src/or/dos.c
+++ b/src/or/dos.c
@@ -309,6 +309,16 @@ cc_stats_refill_bucket(cc_client_stats_t *stats, const tor_addr_t *addr)
     new_circuit_bucket_count = MIN(stats->circuit_bucket + (uint32_t)num_token,
                                    dos_cc_circuit_burst);
   }
+
+  /* This function is not allowed to make the bucket count larger than the
+   * burst value */
+  tor_assert_nonfatal(new_circuit_bucket_count <= dos_cc_circuit_burst);
+  /* This function is not allowed to make the bucket count smaller, unless it
+   * is decreasing it to a newly configured, lower burst value. We allow the
+   * bucket to stay the same size, in case the circuit rate is zero. */
+  tor_assert_nonfatal(new_circuit_bucket_count >= stats->circuit_bucket ||
+                      new_circuit_bucket_count == dos_cc_circuit_burst);
+
   log_debug(LD_DOS, "DoS address %s has its circuit bucket value: %" PRIu32
                     ". Filling it to %" PRIu32 ". Circuit rate is %" PRIu64
                     ". Elapsed time is %" PRIi64,
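Review bot: Both new checks are tor_assert_nonfatal(), so when one fires the out-of-range new_circuit_bucket_count is still stored by the code that follows this hunk; the commit message's goal ("never allow the function to set a bucket value above the allowed circuit burst") is only reported, not enforced. Suggest clamping at the same point, e.g. `if (BUG(new_circuit_bucket_count > dos_cc_circuit_burst)) { new_circuit_bucket_count = dos_cc_circuit_burst; }`, so a logic error upstream degrades to "bucket capped at burst" instead of an oversized bucket that weakens the DoS mitigation. The second assert is fine as written: it tolerates an equal value for the zero-rate case and a decrease only when the result equals the (newly lowered) burst, which matches its comment.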