From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 6 Nov 2007 19:42:37 +0000 (+0000)
Subject:  r16462@catbus:  nickm | 2007-11-06 14:40:58 -0500
X-Git-Tag: tor-0.2.0.10-alpha~32
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=be1a5191f8e0ca14b6db0880660d5897964fef40;p=thirdparty%2Ftor.git

 r16462@catbus:  nickm | 2007-11-06 14:40:58 -0500
 Fix bug 544: do not allow buckets to overflow.  Backportable.


svn:r12400
---

diff --git a/ChangeLog b/ChangeLog
index 0f5399fa26..8e7861c05a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,8 @@ Changes in version 0.2.0.10-alpha - 2007-11-0?
     - Stop servers from crashing if they set a Family option (or
       maybe in other situations too). Bugfix on 0.2.0.9-alpha; reported
       by Fabian Keil.
+    - When the clock jumps forward a lot, do not allow the bandwidth
+      buckets to become negative.  Bugfix on 0.1.2.x; fixes Bug 544.
 
   o Major bugfixes (v3 dir, bugfixes on 0.2.0.9-alpha):
     - Consider replacing the current consensus when certificates arrive
diff --git a/src/or/connection.c b/src/or/connection.c
index daf1e5a7f0..40aa72d56c 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1638,14 +1638,20 @@ connection_bucket_init(void)
   }
 }
 
+/** DOCDOC */
 static void
 connection_bucket_refill_helper(int *bucket, int rate, int burst,
                                 int seconds_elapsed, const char *name)
 {
-  if (*bucket < burst) {
-    *bucket += rate*seconds_elapsed;
-    if (*bucket > burst)
+  int starting_bucket = *bucket;
+  if (starting_bucket < burst) {
+    int incr = rate*seconds_elapsed;
+    *bucket += incr;
+    if (*bucket > burst || *bucket < starting_bucket) {
+      /* If we overflow the burst, or underflow our starting bucket,
+       * cap the bucket value to burst. */
       *bucket = burst;
+    }
     log(LOG_DEBUG, LD_NET,"%s now %d.", name, *bucket);
   }
 }