Detect out-of-bounds bwweightscale values early in the voting process

If the authorities agreed on a sufficiently bad bwweightscale value
(<=0 or == INT32_MAX), the bandwidth algorithm could make the voters
assert while computing the consensus.

Fix for bug5786; bugfix on 0.2.2.17-alpha

diff --git a/changes/bug5786_nocrash b/changes/bug5786_nocrash
new file mode 100644 (file)
index 0000000..ec6c5d8
--- /dev/null
+++ b/changes/bug5786_nocrash
@@ -0,0 +1,7 @@
+  o Major bugfixes (directory authorties):
+    - When computing weight parameters, behave more robustly in the
+      presence of a bad bwweightscale value.  Previously, the
+      authorities would crash if they agreed on a sufficiently browken
+      weight_scale value: now, they use a reasonable default and carry
+      on. Partial fix for 5786; bugfix on 0.2.2.17-alpha.
+

diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 4848917b21cdb1c5224e8a461b21b1453c9879d8..20dc8c26494172416528130748a5952f79d85a64 100644 (file)
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -1005,7 +1005,7 @@ networkstatus_compute_bw_weights_v10(smartlist_t *chunks, int64_t G,
   /* We cast down the weights to 32 bit ints on the assumption that
    * weight_scale is ~= 10000. We need to ensure a rogue authority
    * doesn't break this assumption to rig our weights */
-  tor_assert(0 < weight_scale && weight_scale < INT32_MAX);
+  tor_assert(0 < weight_scale && weight_scale <= INT32_MAX);
 
   /*
    * Provide Wgm=Wgg, Wmm=1, Wem=Wee, Weg=Wed. May later determine
@@ -1233,7 +1233,7 @@ networkstatus_compute_bw_weights_v9(smartlist_t *chunks, int64_t G, int64_t M,
   /* We cast down the weights to 32 bit ints on the assumption that
    * weight_scale is ~= 10000. We need to ensure a rogue authority
    * doesn't break this assumption to rig our weights */
-  tor_assert(0 < weight_scale && weight_scale < INT32_MAX);
+  tor_assert(0 < weight_scale && weight_scale <= INT32_MAX);
 
   if (Wgg < 0 || Wgg > weight_scale) {
     log_warn(LD_DIR, "Bw %s: Wgg="I64_FORMAT"! G="I64_FORMAT
@@ -2019,7 +2019,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
       int ok=0;
       char *eq = strchr(bw_weight_param, '=');
       if (eq) {
-        weight_scale = tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok,
+        weight_scale = tor_parse_long(eq+1, 10, 1, INT32_MAX, &ok,
                                          NULL);
         if (!ok) {
           log_warn(LD_DIR, "Bad element '%s' in bw weight param",