Avoid integer overflow in delay calculation.

author: Nick Mathewson <nickm@torproject.org> 2016-11-07 09:58:29 -0500
committer: Nick Mathewson <nickm@torproject.org> 2016-11-07 11:01:21 -0500
commit: 1fdf6e5814ae50ed93338644f97c65b497463141 (patch)
tree: bacf33e13693bfd327db7abedec14354776168d1 /src
parent: 864c42f4d66641028005f8d11868368260a37b84 (diff)
download: tor-1fdf6e5814ae50ed93338644f97c65b497463141.tar.gz
tor-1fdf6e5814ae50ed93338644f97c65b497463141.zip
1 files changed, 7 insertions, 3 deletions
diff --git a/src/or/directory.c b/src/or/directory.c
index d1333a8666..f83f622030 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -3796,11 +3796,15 @@ next_random_exponential_delay(int delay, int max_delay)
 
   /* How much are we willing to add to the delay? */
   int max_increment;
+  const int multiplier = 4; /* no more than quintuple. */
 
-  if (delay)
-    max_increment = delay * 4; /* no more than quintuple. */
-  else
+  if (delay && delay < (INT_MAX-1) / multiplier) {
+    max_increment = delay * multiplier;
+  } else if (delay) {
+    max_increment = INT_MAX-1;
+  } else {
     max_increment = 1; /* we're always willing to slow down a little. */
+  }
 
   /* the + 1 here is so that we include the end of the interval */
   int increment = crypto_rand_int(max_increment+1);
author	Nick Mathewson <nickm@torproject.org>	2016-11-07 09:58:29 -0500
committer	Nick Mathewson <nickm@torproject.org>	2016-11-07 11:01:21 -0500
commit	1fdf6e5814ae50ed93338644f97c65b497463141 (patch)
tree	bacf33e13693bfd327db7abedec14354776168d1 /src
parent	864c42f4d66641028005f8d11868368260a37b84 (diff)
download	tor-1fdf6e5814ae50ed93338644f97c65b497463141.tar.gz tor-1fdf6e5814ae50ed93338644f97c65b497463141.zip