diff options
| -rw-r--r-- | changes/bug8210 | 6 | ||||
| -rw-r--r-- | src/or/cpuworker.c | 4 |
2 files changed, 8 insertions, 2 deletions
diff --git a/changes/bug8210 b/changes/bug8210 new file mode 100644 index 0000000000..85d41b844a --- /dev/null +++ b/changes/bug8210 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Fix an impossible-to-trigger integer overflow when + estimating how long out onionskin queue would take. (This overflow + would require us to accept 4 million onionskins before processing + 100 of them.) Fixes bug 8210; bugfix on 0.2.4.10-alpha. + diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c index 6b52f3b5d7..444f17cd41 100644 --- a/src/or/cpuworker.c +++ b/src/or/cpuworker.c @@ -222,10 +222,10 @@ uint64_t estimated_usec_for_onionskins(uint32_t n_requests, uint16_t onionskin_type) { if (onionskin_type > MAX_ONION_HANDSHAKE_TYPE) /* should be impossible */ - return 1000 * n_requests; + return 1000 * (uint64_t)n_requests; if (PREDICT_UNLIKELY(onionskins_n_processed[onionskin_type] < 100)) { /* Until we have 100 data points, just asssume everything takes 1 msec. */ - return 1000 * n_requests; + return 1000 * (uint64_t)n_requests; } else { /* This can't overflow: we'll never have more than 500000 onionskins * measured in onionskin_usec_internal, and they won't take anything near |