git.ipfire.org Git - thirdparty/tor.git/commitdiff
Fix a check, make a netflow padding function more safe.
author Nick Mathewson <nickm@torproject.org>
Wed, 27 Jul 2022 13:16:50 +0000 (09:16 -0400)
committer Nick Mathewson <nickm@torproject.org>
Wed, 27 Jul 2022 13:16:50 +0000 (09:16 -0400)
Previously, `channelpadding_get_netflow_inactive_timeout_ms` would
crash with an assertion failure if `low_timeout` was greater than
`high_timeout`. That wasn't possible in practice because of checks
in `channelpadding_update_padding_for_channel`, but it's better not
to have a function whose correctness is this tricky to prove.

Fixes #40645.  Bugfix on 0.3.1.1-alpha.

changes/bug40645 [new file with mode: 0644]
src/core/or/channelpadding.c

diff --git a/changes/bug40645 b/changes/bug40645
new file mode 100644 (file)
index 0000000..044d5b6
--- /dev/null
@@ -0,0 +1,5 @@
+  o Minor bugfixes (defense in depth):
+    - Change a test in the netflow padding code to make it more
+      _obviously_ safe against remotely triggered crashes.
+      (It was safe against these before, but not obviously so.)
+      Fixes bug 40645; bugfix on 0.3.1.1-alpha.
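Review bot: The wording "Change a test" in the first line of this entry can be read as a change to a unit test rather than to a runtime comparison. Consider "Change a comparison in the netflow padding code" and naming the condition it now covers (`low_timeout` greater than `high_timeout`), so that a changelog reader can tell which input the function now tolerates.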
index d0c43e8bdc915d80754dcaac0b0abdd48fa7ff08..d4c19491ac7bbc6c07c8441cb0e50525a4c48e1f 100644 (file)
@@ -186,7 +186,7 @@ channelpadding_get_netflow_inactive_timeout_ms(const channel_t *chan)
     high_timeout = MAX(high_timeout, chan->padding_timeout_high_ms);
   }
 
-  if (low_timeout == high_timeout)
+  if (low_timeout >= high_timeout)
     return low_timeout; // No randomization
 
   /*
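Review bot: On the changed comparison `if (low_timeout >= high_timeout)`, the retained comment `// No randomization` describes only the equal case. With `>=` the branch also absorbs an inverted range, and it returns `low_timeout`, which is then the larger of the two values. A short comment stating that the inverted case is handled here deliberately, and why `low_timeout` is the value returned, would make the intent clear. Since the commit touches only `changes/bug40645` and `src/core/or/channelpadding.c`, a unit test that calls the function with `low_timeout` greater than `high_timeout` would keep this behaviour from regressing.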