dos: We can put less token than the current amount

Becasue the circuit creation burst and rate can change at runtime it is
possible that between two refill of a bucket, we end up setting the bucket
value to less than there currently is.

Fixes #25128

Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
David Goulet 2018-02-02 17:04:12 -05:00
parent 3bed8fdb91
commit 78d6cb5870

View File

@ -308,8 +308,6 @@ cc_stats_refill_bucket(cc_client_stats_t *stats, const tor_addr_t *addr)
new_circuit_bucket_count = MIN(stats->circuit_bucket + (uint32_t)num_token, new_circuit_bucket_count = MIN(stats->circuit_bucket + (uint32_t)num_token,
dos_cc_circuit_burst); dos_cc_circuit_burst);
} }
/* This function is not allowed to make the bucket count smaller */
tor_assert_nonfatal(new_circuit_bucket_count >= stats->circuit_bucket);
log_debug(LD_DOS, "DoS address %s has its circuit bucket value: %" PRIu32 log_debug(LD_DOS, "DoS address %s has its circuit bucket value: %" PRIu32
". Filling it to %" PRIu32 ". Circuit rate is %" PRIu64 ". Filling it to %" PRIu32 ". Circuit rate is %" PRIu64
". Elapsed time is %" PRIi64, ". Elapsed time is %" PRIi64,