diff options
author | Mike Perry <mikeperry-git@torproject.org> | 2018-05-27 01:42:35 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-06-21 09:18:51 -0400 |
commit | dc397f9a61e2e2caeea1acd46beab0e7205eaa9f (patch) | |
tree | 10873c6d992c92d9efdeda18192b54a55b056b6f /src/or | |
parent | d27745d81de8829d1a6da851fe9be057458e86df (diff) | |
download | tor-dc397f9a61e2e2caeea1acd46beab0e7205eaa9f.tar.gz tor-dc397f9a61e2e2caeea1acd46beab0e7205eaa9f.zip |
Bug 26214: Check stream SENDME against max.
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/or.h | 1 | ||||
-rw-r--r-- | src/or/relay.c | 24 |
2 files changed, 23 insertions, 2 deletions
diff --git a/src/or/or.h b/src/or/or.h index e106ec66fa..db8f9544fe 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -929,6 +929,7 @@ typedef enum { /** Initial value on both sides of a stream transmission window when the * stream is initialized. Measured in cells. */ #define STREAMWINDOW_START 500 +#define STREAMWINDOW_START_MAX 500 /** Amount to increment a stream window when we get a stream SENDME. */ #define STREAMWINDOW_INCREMENT 50 diff --git a/src/or/relay.c b/src/or/relay.c index 50f59d6b99..3632678af6 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1752,8 +1752,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, circuit_resume_edge_reading(circ, layer_hint); /* We count circuit-level sendme's as valid delivered data because - * they are rate limited. Note that we cannot count stream - * sendme's because the other end could send as many as they like. + * they are rate limited. */ if (CIRCUIT_IS_ORIGIN(circ)) { circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), @@ -1783,6 +1782,27 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, rh.stream_id); return 0; } + + /* Don't allow the other endpoint to request more than our maximim + * (ie initial) stream SENDME window worth of data. Well-behaved + * stock clients will not request more than this max (as per the check + * in the while loop of connection_edge_consider_sending_sendme()). + */ + if (conn->package_window + STREAMWINDOW_INCREMENT > + STREAMWINDOW_START_MAX) { + static struct ratelim_t stream_warn_ratelim = RATELIM_INIT(600); + log_fn_ratelim(&stream_warn_ratelim,LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Unexpected stream sendme cell. Closing circ (window %d).", + conn->package_window); + return -END_CIRC_REASON_TORPROTOCOL; + } + + /* At this point, the stream sendme is valid */ + if (CIRCUIT_IS_ORIGIN(circ)) { + circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), + rh.length); + } + conn->package_window += STREAMWINDOW_INCREMENT; log_debug(domain,"stream-level sendme, packagewindow now %d.", conn->package_window); |