author | Nick Mathewson <nickm@torproject.org> | 2017-09-29 10:29:40 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-09-29 10:29:40 -0400 |
commit | fc6c0b46fb2741d58e4c8afc22800c76c304b0dc (patch) | |
tree | f9461a7565b85a57e27be1900f11d277cd9e42c0 | |
parent | 8ccefa7b7afac9626a9e448c0cc4694f5fa51097 (diff) | |
parent | b0ddaac07428a06b3167a3cf7be848d45bf3e406 (diff) | |
Merge branch 'bug23690_additional_032'
-rw-r--r-- | changes/bug23690_additional_032 | 4 | ||||
-rw-r--r-- | src/common/buffers.c | 8 | ||||
-rw-r--r-- | src/common/buffers_tls.c | 8 |
3 files changed, 16 insertions, 4 deletions
diff --git a/changes/bug23690_additional_032 b/changes/bug23690_additional_032
new file mode 100644
index 0000000000..218917dca9
--- /dev/null
+++ b/changes/bug23690_additional_032
@@ -0,0 +1,4 @@
+ o Minor features (robustness):
+ - Change several fatal assertions when flushing buffers into
+ non-fatal assertions, to prevent any recurrence of 23690.
+
diff --git a/src/common/buffers.c b/src/common/buffers.c
index e9e4487832..c45e13d551 100644
--- a/src/common/buffers.c
+++ b/src/common/buffers.c
@@ -648,8 +648,12 @@ buf_flush_to_socket(buf_t *buf, tor_socket_t s, size_t sz,
 size_t flushed = 0;
 tor_assert(buf_flushlen);
 tor_assert(SOCKET_OK(s));
- tor_assert(*buf_flushlen <= buf->datalen);
- tor_assert(sz <= *buf_flushlen);
+ if (BUG(*buf_flushlen > buf->datalen)) {
+ *buf_flushlen = buf->datalen;
+ }
+ if (BUG(sz > *buf_flushlen)) {
+ sz = *buf_flushlen;
+ }
 check();
 while (sz) {
diff --git a/src/common/buffers_tls.c b/src/common/buffers_tls.c
index 8dbd4bcc8e..041f78b818 100644
--- a/src/common/buffers_tls.c
+++ b/src/common/buffers_tls.c
@@ -142,8 +142,12 @@ buf_flush_to_tls(buf_t *buf, tor_tls_t *tls, size_t flushlen,
 size_t flushed = 0;
 ssize_t sz;
 tor_assert(buf_flushlen);
- tor_assert(*buf_flushlen <= buf->datalen);
- tor_assert(flushlen <= *buf_flushlen);
+ if (BUG(*buf_flushlen > buf->datalen)) {
+ *buf_flushlen = buf->datalen;
+ }
+ if (BUG(flushlen > *buf_flushlen)) {
+ flushlen = *buf_flushlen;
+ }
 sz = (ssize_t) flushlen;
 /* we want to let tls write even if flushlen is zero, because it might |
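Review bot: The two new clamps in buf_flush_to_socket carry no comment saying why an invariant violation is now corrected instead of aborting, so a later reader may well turn them back into tor_assert() and reintroduce the crash the commit is avoiding. Suggest a comment above the first `if (BUG(...))`: `/* Formerly fatal asserts. An upstream bookkeeping error (see 23690) must not take the process down, so log a BUG and clamp so that sz <= *buf_flushlen <= buf->datalen holds for the loop below. */`. It is also worth stating in that comment that the order is deliberate: *buf_flushlen is clamped first so the second check compares sz against the corrected value, and the caller sees the clamped *buf_flushlen on return. The identical block in buf_flush_to_tls (the buffers_tls.c hunk, with flushlen in place of sz) wants the same comment, or the pair could become one shared static inline helper if the buffers header is a suitable home — whether it is cannot be seen from these hunks. Both functions' bodies continue outside their hunks.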