r15626@catbus: nickm | 2007-10-10 11:02:32 -0400

 Resolve bug 516: Never report our bandwidth-history as over RelayBandwidthRate*NUM_SECS_BW_SUM_INTERVAL.


svn:r11833

ChangeLog

@@ -60,6 +60,11 @@ Changes in version 0.2.0.8-alpha - 2007-??-??
       cache when canceling a pending resolve.  Don't log unless stuff
       is fishy.  Resolves bug 463.
 
+  o Minor bugfixes (Security):
+    - Never report that we've used more bandwidth than we're willing to
+      relay: it leaks how much non-relay traffic we're using.  Resolves bug
+      516.
+
   o Code simplifications and refactoring:
     - Make a bunch of functions static.  Remove some dead code.
     - Pull out about a third of the really big routerlist.c; put it in a

src/or/rephist.c

@@ -1014,6 +1014,8 @@ rep_hist_fill_bandwidth_history(char *buf, size_t len, bw_array_t *b)
 {
   char *cp = buf;
   int i, n;
+  or_options_t *options = get_options();
+  uint64_t cutoff;
 
   if (b->num_maxes_set <= b->next_max_idx) {
     /* We haven't been through the circular array yet; time starts at i=0.*/
@@ -1024,6 +1026,15 @@ rep_hist_fill_bandwidth_history(char *buf, size_t len, bw_array_t *b)
     i = b->next_max_idx;
   }
 
+  if (options->RelayBandwidthRate) {
+    /* We don't want to report that we used more bandwidth than the max we're
+     * willing to relay; otherwise everybody will know how much traffic
+     * we used ourself. */
+    cutoff = options->RelayBandwidthRate * NUM_SECS_BW_SUM_INTERVAL;
+  } else {
+    cutoff = UINT64_MAX;
+  }
+
   for (n=0; n<b->num_maxes_set; ++n,++i) {
     uint64_t total;
     if (i >= NUM_TOTALS)
@@ -1031,6 +1042,9 @@ rep_hist_fill_bandwidth_history(char *buf, size_t len, bw_array_t *b)
     tor_assert(i < NUM_TOTALS);
     /* Round the bandwidth used down to the nearest 1k. */
     total = b->totals[i] & ~0x3ff;
+    if (total > cutoff)
+      total = cutoff;
+
     if (n==(b->num_maxes_set-1))
       tor_snprintf(cp, len-(cp-buf), U64_FORMAT, U64_PRINTF_ARG(total));
     else