[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] resolve an edge case in get_unique_circ_id_by_conn



Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/or

Modified Files:
	circuit.c 
Log Message:
resolve an edge case in get_unique_circ_id_by_conn


Index: circuit.c
===================================================================
RCS file: /home/or/cvsroot/src/or/circuit.c,v
retrieving revision 1.119
retrieving revision 1.120
diff -u -d -r1.119 -r1.120
--- circuit.c	16 Dec 2003 09:48:17 -0000	1.119
+++ circuit.c	16 Dec 2003 20:45:10 -0000	1.120
@@ -26,7 +26,6 @@
 /********* END VARIABLES ************/
 
 void circuit_add(circuit_t *circ) {
-
   if(!global_circuitlist) { /* first one */
     global_circuitlist = circ;
     circ->next = NULL;
@@ -34,7 +33,6 @@
     circ->next = global_circuitlist;
     global_circuitlist = circ;
   }
-
 }
 
 void circuit_remove(circuit_t *circ) {
@@ -126,20 +124,26 @@
 /* return 0 if can't get a unique circ_id. */
 static circ_id_t get_unique_circ_id_by_conn(connection_t *conn, int circ_id_type) {
   circ_id_t test_circ_id;
+  int attempts=0;
   uint16_t high_bit;
-  assert(conn && conn->type == CONN_TYPE_OR);
 
+  assert(conn && conn->type == CONN_TYPE_OR);
   high_bit = (circ_id_type == CIRC_ID_TYPE_HIGHER) ? 1<<15 : 0;
   do {
-    /* Sequentially iterate over test_circ_id=1...1<<15-1 until we find an
+    /* Sequentially iterate over test_circ_id=1...1<<15-1 until we find a
      * circID such that (high_bit|test_circ_id) is not already used. */
-    /* XXX Will loop forever if all circ_id's in our range are used.
-     * This matters because it's an external DoS vulnerability. */
     test_circ_id = conn->next_circ_id++;
     if (test_circ_id == 0 || test_circ_id >= 1<<15) {
       test_circ_id = 1;
       conn->next_circ_id = 2;
     }
+    if(++attempts > 1<<15) {
+      /* Make sure we don't loop forever if all circ_id's are used. This
+       * matters because it's an external DoS vulnerability.
+       */
+      log_fn(LOG_WARN,"No unused circ IDs. Failing.");
+      return 0;
+    }
     test_circ_id |= high_bit;
   } while(circuit_get_by_circ_id_conn(test_circ_id, conn));
   return test_circ_id;