Browse Source

Merge branch 'maint-0.3.4' into maint-0.3.5

Nick Mathewson 5 years ago
parent
commit
4a8a1f76ea
2 changed files with 6 additions and 1 deletions
  1. 5 0
      changes/ticket29168
  2. 1 1
      src/core/or/scheduler_kist.c

+ 5 - 0
changes/ticket29168

@@ -0,0 +1,5 @@
+  o Major bugfixes (cell scheduler, KIST):
+    - Make KIST to always take into account the outbuf length when computing
+      what we can actually put in the outbuf. This could lead to the outbuf
+      being filled up and thus a possible memory DoS vector. TROVE-2019-001.
+      Fixes bug 29168; bugfix on 0.3.2.1-alpha.

+ 1 - 1
src/core/or/scheduler_kist.c

@@ -286,7 +286,7 @@ update_socket_info_impl, (socket_table_ent_t *ent))
   extra_space =
     clamp_double_to_int64(
                  (ent->cwnd * (int64_t)ent->mss) * sock_buf_size_factor) -
-    ent->notsent;
+    ent->notsent - (int64_t)channel_outbuf_length((channel_t *) ent->chan);
   if ((tcp_space + extra_space) < 0) {
     /* This means that the "notsent" queue is just too big so we shouldn't put
      * more in the kernel for now. */