From 96c562fa495ccd325b93a59affcba5d06de250ec Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 17 Nov 2011 11:54:07 -0500
Subject: [PATCH] Move SSL rate-limit enforcement into bytes_to_read()

---
 bufferevent_openssl.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/bufferevent_openssl.c b/bufferevent_openssl.c
index 7d822d9e..07dcdf8e 100644
--- a/bufferevent_openssl.c
+++ b/bufferevent_openssl.c
@@ -711,6 +711,10 @@ bytes_to_read(struct bufferevent_openssl *bev)
 {
 	struct evbuffer *input = bev->bev.bev.input;
 	struct event_watermark *wm = &bev->bev.bev.wm_read;
+	int result = READ_DEFAULT;
+	ev_ssize_t limit;
+	/* XXX 99% of this is generic code that nearly all bufferevents will
+	 * want. */
 
 	if (bev->write_blocked_on_read) {
 		return 0;
@@ -729,10 +733,18 @@ bytes_to_read(struct bufferevent_openssl *bev)
 			return 0;
 		}
 
-		return wm->high - evbuffer_get_length(input);
+		result = wm->high - evbuffer_get_length(input);
+	} else {
+		result = READ_DEFAULT;
+	}
+
+	/* Respect the rate limit */
+	limit = _bufferevent_get_read_max(&bev->bev);
+	if (result > limit) {
+		result = limit;
 	}
 
-	return READ_DEFAULT;
+	return result;
 }
 
 
-- 
2.40.0