[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #24590 [Core Tor/Tor]: sched: Fix integer overflow for KIST
#24590: sched: Fix integer overflow for KIST
------------------------------+--------------------------------
Reporter: dgoulet | Owner: dgoulet
Type: defect | Status: assigned
Priority: High | Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: tor-sched
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
Ticket #24423 found a possible integer overflow with:
{{{
tcp_space = (ent->cwnd - ent->unacked) * (int64_t)ent->mss;
}}}
... if we ever end up with `cwnd` being smaller than `unacked`. I've
observed this on a relay leading to huge values for `tcp_space` which
leads to the wrong TCP limit for the channel.
Any overflow should result in `tcp_space = 0` in practice.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24590>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs