[tor-commits] [tor] branch main updated: state: Fix segfault on malformed file

gitolite role git at cupani.torproject.org
Tue Jan 10 16:53:21 UTC 2023


This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository tor.

The following commit(s) were added to refs/heads/main by this push:
     new 4db610d6d9 state: Fix segfault on malformed file
     new c420667a2e Merge branch 'tor-gitlab/mr/676'
4db610d6d9 is described below

commit 4db610d6d96f711d3bd1e8f2a0080d83f1f5fcd0
Author: David Goulet <dgoulet at torproject.org>
AuthorDate: Tue Jan 10 09:24:09 2023 -0500

    state: Fix segfault on malformed file
    
    Having no TotalBuildTimes along with a positive CircuitBuildAbandonedCount
    leads to a segfault. We check for that condition and then BUG + log
    warn if that is the case.
    
    It should never happen in theory, but if someone modified their state
    file, it can lead to this problem, so instead of segfaulting, warn.
    
    Fixes #40437
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 changes/ticket40437        |  4 ++++
 src/core/or/circuitstats.c | 12 ++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/changes/ticket40437 b/changes/ticket40437
new file mode 100644
index 0000000000..85ba49583c
--- /dev/null
+++ b/changes/ticket40437
@@ -0,0 +1,4 @@
+  o Minor bugfixes (state file):
+    - Avoid a segfault if the state file doesn't contains TotalBuildTimes along
+      CircuitBuildAbandonedCount being above 0. Fixes bug 40437; bugfix on
+      0.3.5.1-alpha.
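Review bot: the second line of the changes entry has a grammar slip ("doesn't contains TotalBuildTimes along CircuitBuildAbandonedCount being above 0"); suggest "doesn't contain TotalBuildTimes while CircuitBuildAbandonedCount is above 0" so the released ChangeLog reads cleanly.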
diff --git a/src/core/or/circuitstats.c b/src/core/or/circuitstats.c
index c759ddf281..7a6c2014bf 100644
--- a/src/core/or/circuitstats.c
+++ b/src/core/or/circuitstats.c
@@ -1018,6 +1018,18 @@ circuit_build_times_parse_state(circuit_build_times_t *cbt,
     return 0;
   }
 
+  /* We had a case where someone removed their TotalBuildTimes from the state
+   * files while having CircuitBuildAbandonedCount above 0 leading to a
+   * segfault (#40437). Simply bug on it and return an error so at least the
+   * user will learn that they broke the state file. */
+  if (BUG(state->TotalBuildTimes <= 0 &&
+          state->CircuitBuildAbandonedCount > 0)) {
+    log_warn(LD_GENERAL, "CircuitBuildAbandonedCount count is above 0 but "
+                         "no TotalBuildTimes have been found. Unable to "
+                         "parse broken state file");
+    return -1;
+  }
+
   /* build_time_t 0 means uninitialized */
   loaded_times = tor_calloc(state->TotalBuildTimes, sizeof(build_time_t));
 
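Review bot: the log_warn text repeats "count" ("CircuitBuildAbandonedCount count is above 0") and tells the user the file is broken without saying what to do about it; since the comment above the check already names a hand-edited state file as the cause, suggest "CircuitBuildAbandonedCount is above 0 but no TotalBuildTimes was found; state file is malformed and cannot be parsed" and a hint that removing the state file lets Tor regenerate it. Worth a second look as well: wrapping the condition in BUG() reports it as a non-fatal assertion failure with a backtrace, which for a user-caused corruption (as the commit itself describes it) may invite bug reports about something that is not a code defect; a plain check with log_warn and return -1 gives tor_calloc() below the same protection. Minor: "state files" in the comment should be "state file".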
