Changes between Initial Version and Version 10 of Ticket #29168


Ignore:
Timestamp:
Feb 21, 2019, 3:25:52 PM (6 months ago)
Author:
nickm
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #29168

    • Property Status changed from new to closed
    • Property Summary changed from Fix TROVE-2019-001 to Fix TROVE-2019-001 (KIST can write above outbuf highwater mark)
    • Property Priority changed from Medium to Very High
    • Property Owner set to dgoulet
    • Property Keywords security trove regression 040-must added
    • Property Resolution changed from to fixed
  • Ticket #29168 – Description

    initial v10  
     1From the fix in be84ed1a64ed7ce810bd3924fa96c2588b491ef5:
     2{{{
     3    KIST works by computing how much should be allowed to write to the kernel for
     4    a given socket, and then it writes that amount to the outbuf.
     5   
     6    The problem is that it could be possible that the outbuf already has lots of
     7    data in it from a previous scheduling round (because the kernel is full/busy
     8    and Tor was not able to flush the outbuf yet). KIST ignores that the outbuf
     9    has been filling (is above its "highwater") and writes more anyway. The end
     10    result is that the outbuf length would exceed INT_MAX, hence causing an
     11    assertion error and a corresponding "Bug()" message to get printed to the
     12    logs.
     13   
     14    This commit makes it for KIST to take into account the outbuf length when
     15    computing the available space.
     16}}}