[tor-commits] [tor] 02/06: Fix a check, make a netflow padding function more safe.

[gitolite role]

This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository tor.

commit 8e7bd9636260af3e31997e2ad5ec071c4e7a0153
Author: Nick Mathewson <nickm at torproject.org>
AuthorDate: Wed Jul 27 09:16:50 2022 -0400

    Fix a check, make a netflow padding function more safe.
    
    Previously, `channelpadding_get_netflow_inactive_timeout_ms` would
    crash with an assertion failure if `low_timeout` was greater than
    `high_timeout`. That wasn't possible in practice because of checks
    in `channelpadding_update_padding_for_channel`, but it's better not
    to have a function whose correctness is this tricky to prove.
    
    Fixes #40645.  Bugfix on 0.3.1.1-alpha.
---
 changes/bug40645             | 5 +++++
 src/core/or/channelpadding.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/changes/bug40645 b/changes/bug40645
new file mode 100644
index 0000000000..044d5b67d2
--- /dev/null
+++ b/changes/bug40645
@@ -0,0 +1,5 @@
+  o Minor bugfixes (defense in depth):
+    - Change a test in the netflow padding code to make it more
+      _obviously_ safe against remotely triggered crashes.
+      (It was safe against these before, but not obviously so.)
+      Fixes bug 40645; bugfix on 0.3.1.1-alpha.
diff --git a/src/core/or/channelpadding.c b/src/core/or/channelpadding.c
index d0c43e8bdc..d4c19491ac 100644
--- a/src/core/or/channelpadding.c
+++ b/src/core/or/channelpadding.c
@@ -186,7 +186,7 @@ channelpadding_get_netflow_inactive_timeout_ms(const channel_t *chan)
     high_timeout = MAX(high_timeout, chan->padding_timeout_high_ms);
   }
 
-  if (low_timeout == high_timeout)
+  if (low_timeout >= high_timeout)
     return low_timeout; // No randomization
 
   /*

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.