r16462@catbus: nickm | 2007-11-06 14:40:58 -0500

 Fix bug 544: do not allow buckets to overflow.  Backportable.


svn:r12400

2 files changed, 11 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 0f5399fa26..8e7861c05a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,8 @@ Changes in version 0.2.0.10-alpha - 2007-11-0?
     - Stop servers from crashing if they set a Family option (or
       maybe in other situations too). Bugfix on 0.2.0.9-alpha; reported
       by Fabian Keil.
+    - When the clock jumps forward a lot, do not allow the bandwidth
+      buckets to become negative.  Bugfix on 0.1.2.x; fixes Bug 544.
 
   o Major bugfixes (v3 dir, bugfixes on 0.2.0.9-alpha):
     - Consider replacing the current consensus when certificates arrive
diff --git a/src/or/connection.c b/src/or/connection.c
index daf1e5a7f0..40aa72d56c 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1638,14 +1638,20 @@ connection_bucket_init(void)
   }
 }
 
+/** DOCDOC */
 static void
 connection_bucket_refill_helper(int *bucket, int rate, int burst,
                                 int seconds_elapsed, const char *name)
 {
-  if (*bucket < burst) {
-    *bucket += rate*seconds_elapsed;
-    if (*bucket > burst)
+  int starting_bucket = *bucket;
+  if (starting_bucket < burst) {
+    int incr = rate*seconds_elapsed;
+    *bucket += incr;
+    if (*bucket > burst || *bucket < starting_bucket) {
+      /* If we overflow the burst, or underflow our starting bucket,
+       * cap the bucket value to burst. */
       *bucket = burst;
+    }
     log(LOG_DEBUG, LD_NET,"%s now %d.", name, *bucket);
   }
 }