Bug 40569: Reduce accepted range for negotiated cc_sendme_inc

2 files changed, 13 insertions, 25 deletions

diff --git a/src/core/or/congestion_control_common.c b/src/core/or/congestion_control_common.c
index 1e0f504df1..03feb23e01 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -205,7 +205,7 @@ congestion_control_new_consensus_params(const networkstatus_t *ns)
         RTT_RESET_PCT_MAX);
 
 #define SENDME_INC_MIN 1
-#define SENDME_INC_MAX (255)
+#define SENDME_INC_MAX (254)
   cc_sendme_inc =
     networkstatus_get_param(NULL, "cc_sendme_inc",
         SENDME_INC_DFLT,
@@ -1443,19 +1443,16 @@ bool
 congestion_control_validate_sendme_increment(uint8_t sendme_inc)
 {
   /* We will only accept this response (and this circuit) if sendme_inc
-   * is within a factor of 2 of our consensus value. We should not need
+   * is within +/- 1 of the current consensus value. We should not need
    * to change cc_sendme_inc much, and if we do, we can spread out those
    * changes over smaller increments once every 4 hours. Exits that
    * violate this range should just not be used. */
-#define MAX_SENDME_INC_NEGOTIATE_FACTOR 2
 
   if (sendme_inc == 0)
     return false;
 
-  if (sendme_inc >
-      MAX_SENDME_INC_NEGOTIATE_FACTOR * congestion_control_sendme_inc() ||
-      sendme_inc <
-      congestion_control_sendme_inc() / MAX_SENDME_INC_NEGOTIATE_FACTOR) {
+  if (sendme_inc > (congestion_control_sendme_inc() + 1) ||
+      sendme_inc < (congestion_control_sendme_inc() - 1)) {
     return false;
   }
   return true;
diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
index d96048a0f6..fe9bc24fb2 100644
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -914,30 +914,21 @@ test_validate_sendme(void *arg)
 {
   (void)arg;
 
-  /* Test basic operation: factors of 2X in either direction are OK */
+  /* Test basic operation: +/- 1 in either direction are OK */
   cc_sendme_inc = 31;
-  tt_assert(congestion_control_validate_sendme_increment(15));
-  tt_assert(congestion_control_validate_sendme_increment(62));
+  tt_assert(congestion_control_validate_sendme_increment(30));
+  tt_assert(congestion_control_validate_sendme_increment(32));
 
-  /* Test basic operation: Exceeding 2X fails */
+  /* Test basic operation: Exceeding +/- 1 fails */
   cc_sendme_inc = 31;
-  tt_assert(!congestion_control_validate_sendme_increment(14));
-  tt_assert(!congestion_control_validate_sendme_increment(63));
+  tt_assert(!congestion_control_validate_sendme_increment(29));
+  tt_assert(!congestion_control_validate_sendme_increment(33));
 
   /* Test potential overflow conditions */
-  cc_sendme_inc = 129;
+  cc_sendme_inc = 254;
   tt_assert(congestion_control_validate_sendme_increment(255));
-  tt_assert(congestion_control_validate_sendme_increment(64));
-  tt_assert(!congestion_control_validate_sendme_increment(63));
-
-  cc_sendme_inc = 127;
-  tt_assert(!congestion_control_validate_sendme_increment(255));
-  tt_assert(congestion_control_validate_sendme_increment(254));
-
-  cc_sendme_inc = 255;
-  tt_assert(congestion_control_validate_sendme_increment(255));
-  tt_assert(congestion_control_validate_sendme_increment(127));
-  tt_assert(!congestion_control_validate_sendme_increment(126));
+  tt_assert(congestion_control_validate_sendme_increment(253));
+  tt_assert(!congestion_control_validate_sendme_increment(252));
 
   /* Test 0 case */
   cc_sendme_inc = 1;