Fix TROVE-2019-001 (KIST can write above outbuf highwater mark)
From the fix in be84ed1a64ed7ce810bd3924fa96c2588b491ef5:
KIST works by computing how much should be allowed to write to the kernel for
a given socket, and then it writes that amount to the outbuf.
The problem is that it could be possible that the outbuf already has lots of
data in it from a previous scheduling round (because the kernel is full/busy
and Tor was not able to flush the outbuf yet). KIST ignores that the outbuf
has been filling (is above its "highwater") and writes more anyway. The end
result is that the outbuf length would exceed INT_MAX, hence causing an
assertion error and a corresponding "Bug()" message to get printed to the
logs.
This commit makes it for KIST to take into account the outbuf length when
computing the available space.
Change History (11)
Keywords: |
security trove regression added
|
Priority: |
Medium →
Very High
|
Status: |
new →
needs_review
|
Owner: |
set to dgoulet
|
Status: |
needs_review →
assigned
|
Status: |
assigned →
needs_review
|
Status: |
needs_review →
assigned
|
Status: |
assigned →
needs_review
|
Description: |
modified (diff)
|
Resolution: |
→ fixed
|
Status: |
needs_review →
closed
|
Summary: |
Fix TROVE-2019-001 →
Fix TROVE-2019-001 (KIST can write above outbuf highwater mark)
|
Marking tickets as 040-must based on triage with dgoulet.