From 0d13e0ed145f4c1b5bd1623ab529d24208304390 Mon Sep 17 00:00:00 2001
From: Roger Dingledine <arma@torproject.org>
Date: Tue, 22 Sep 2009 22:09:33 -0400
Subject: Be more robust to bad circwindow values

If the networkstatus consensus tells us that we should use a
negative circuit package window, ignore it. Otherwise we'll
believe it and then trigger an assert.

Also, change the interface for networkstatus_get_param() so we
don't have to lookup the consensus beforehand.
---
 src/or/circuitlist.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'src/or/circuitlist.c')

diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 259666732..560bec55f 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -367,10 +367,11 @@ circuit_purpose_to_controller_string(uint8_t purpose)
 int32_t
 circuit_initial_package_window(void)
 {
-  networkstatus_t *consensus = networkstatus_get_latest_consensus();
-  if (consensus)
-    return networkstatus_get_param(consensus, "circwindow", CIRCWINDOW_START);
-  return CIRCWINDOW_START;
+  int32_t num = networkstatus_get_param(NULL, "circwindow", CIRCWINDOW_START);
+  /* If the consensus tells us a negative number, we'd assert. */
+  if (num < 0)
+    num = CIRCWINDOW_START;
+  return num;
 }
 
 /** Initialize the common elements in a circuit_t, and add it to the global
-- 
cgit v1.2.3