diff options
| author | David Goulet <dgoulet@torproject.org> | 2018-02-13 10:41:21 -0500 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2018-02-13 10:41:21 -0500 |
| commit | 305e39d0f8bcc39d45c2877495046bd927347106 (patch) | |
| tree | 1af61e34ccffaad6da26d0ffcc979f811be36a05 /src/or/dos.c | |
| parent | 1555946e202fef523b35e169c90892b57caea766 (diff) | |
| download | tor-305e39d0f8bcc39d45c2877495046bd927347106.tar.gz tor-305e39d0f8bcc39d45c2877495046bd927347106.zip | |
dos: Add extra safety asserts in cc_stats_refill_bucket()
Never allow the function to set a bucket value above the allowed circuit
burst.
Closes #25202
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/or/dos.c')
| -rw-r--r-- | src/or/dos.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/or/dos.c b/src/or/dos.c index 9e8a7a9abe..e7f3241ef4 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -309,6 +309,16 @@ cc_stats_refill_bucket(cc_client_stats_t *stats, const tor_addr_t *addr) new_circuit_bucket_count = MIN(stats->circuit_bucket + (uint32_t)num_token, dos_cc_circuit_burst); } + + /* This function is not allowed to make the bucket count larger than the + * burst value */ + tor_assert_nonfatal(new_circuit_bucket_count <= dos_cc_circuit_burst); + /* This function is not allowed to make the bucket count smaller, unless it + * is decreasing it to a newly configured, lower burst value. We allow the + * bucket to stay the same size, in case the circuit rate is zero. */ + tor_assert_nonfatal(new_circuit_bucket_count >= stats->circuit_bucket || + new_circuit_bucket_count == dos_cc_circuit_burst); + log_debug(LD_DOS, "DoS address %s has its circuit bucket value: %" PRIu32 ". Filling it to %" PRIu32 ". Circuit rate is %" PRIu64 ". Elapsed time is %" PRIi64, |