summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2013-02-11 16:40:48 -0500
committerNick Mathewson <nickm@torproject.org>2013-02-11 16:46:38 -0500
commit719940df2bdfbd0f5ee02a9ca404f345d2fc49e8 (patch)
tree9e0a1eb4df791ee2265f413877f7d036493a8507 /src/or
parent9b2bb901d7c306fd6ca28de527e86379470db89a (diff)
downloadtor-719940df2bdfbd0f5ee02a9ca404f345d2fc49e8.tar.gz
tor-719940df2bdfbd0f5ee02a9ca404f345d2fc49e8.zip
Fix a nigh-impossible overflow in cpuworker.c
When we compute the estimated microseconds we need to handle our pending onionskins, we could (in principle) overflow a uint32_t if we ever had 4 million pending onionskins before we had any data about how onionskins take. Nevertheless, let's compute it properly. Fixes bug 8210; bugfix on 0.2.4.10. Found by coverity; this is CID 980651.
Diffstat (limited to 'src/or')
-rw-r--r--src/or/cpuworker.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index 6b52f3b5d7..444f17cd41 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -222,10 +222,10 @@ uint64_t
estimated_usec_for_onionskins(uint32_t n_requests, uint16_t onionskin_type)
{
if (onionskin_type > MAX_ONION_HANDSHAKE_TYPE) /* should be impossible */
- return 1000 * n_requests;
+ return 1000 * (uint64_t)n_requests;
if (PREDICT_UNLIKELY(onionskins_n_processed[onionskin_type] < 100)) {
/* Until we have 100 data points, just asssume everything takes 1 msec. */
- return 1000 * n_requests;
+ return 1000 * (uint64_t)n_requests;
} else {
/* This can't overflow: we'll never have more than 500000 onionskins
* measured in onionskin_usec_internal, and they won't take anything near