diff options
| author | Nick Mathewson <nickm@torproject.org> | 2020-01-29 08:49:01 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2020-01-29 08:50:03 -0500 |
| commit | 2985a6018f1123b8843023f09d004f477f59a009 (patch) | |
| tree | c8d2e5cc8a7ccdf6f48887d4d20e71bdf38bae6c | |
| parent | 19954cffd7710ccac778aa5cf15ae1bc6a5d56fa (diff) | |
| download | tor-2985a6018f1123b8843023f09d004f477f59a009.tar.gz tor-2985a6018f1123b8843023f09d004f477f59a009.zip | |
buf_read_from_tls: Return ERROR_MISC, not WANTWRITE, on BUG().
Fixes bug 32673; bugfix on 0.3.0.4-alpha. We introduced these
checks in ee5471f9aab5526 to help diagnose 21369, but we used "-1"
when "TOR_TLS_ERROR_MISC" would have been correct. Found by opara.
I don't think that this is actually getting triggered in the wild,
but if it were, it could cause nasty behavior: spurious
WANTREAD/WANTWRITE returns have a way of turning into CPU-eating
busy-loops.
| -rw-r--r-- | changes/bug32673 | 5 | ||||
| -rw-r--r-- | src/lib/tls/buffers_tls.c | 4 |
2 files changed, 7 insertions, 2 deletions
diff --git a/changes/bug32673 b/changes/bug32673 new file mode 100644 index 0000000000..32f02c6393 --- /dev/null +++ b/changes/bug32673 @@ -0,0 +1,5 @@ + o Minor bugfixes (TLS bug handling): + - When encountering a bug in buf_read_freom_tls(), return a + "MISC" error code rather than "WANTWRITE". This change might + help avoid some CPU-wasting loops if the bug is ever triggered. + Bug reported by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha. diff --git a/src/lib/tls/buffers_tls.c b/src/lib/tls/buffers_tls.c index e92cb9163f..52be78811d 100644 --- a/src/lib/tls/buffers_tls.c +++ b/src/lib/tls/buffers_tls.c @@ -69,9 +69,9 @@ buf_read_from_tls(buf_t *buf, tor_tls_t *tls, size_t at_most) check_no_tls_errors(); IF_BUG_ONCE(buf->datalen >= INT_MAX) - return -1; + return TOR_TLS_ERROR_MISC; IF_BUG_ONCE(buf->datalen >= INT_MAX - at_most) - return -1; + return TOR_TLS_ERROR_MISC; while (at_most > total_read) { size_t readlen = at_most - total_read; |