mirror of
https://github.com/PurpleI2P/i2pd
synced 2024-11-10 00:00:29 +03:00
* Add LeaseSetBufferValidate which checks lease validity and extracts timestamp
* check for leases with LeaseSetBufferValidate before update in floodfill code as to prevent malicous nodes removing good LS
This commit is contained in:
Jeff Becker
parent
3820b51960
commit
4a77a03033
@ -265,5 +265,39 @@ namespace data
|
|||||||
auto ts = i2p::util::GetMillisecondsSinceEpoch ();
|
auto ts = i2p::util::GetMillisecondsSinceEpoch ();
|
||||||
return ts > m_ExpirationTime;
|
return ts > m_ExpirationTime;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool LeaseSetBufferValidate(const uint8_t * ptr, size_t sz, uint64_t & expires)
|
||||||
|
{
|
||||||
|
IdentityEx ident(ptr, sz);
|
||||||
|
size_t size = ident.GetFullLen ();
|
||||||
|
if (size > sz)
|
||||||
|
{
|
||||||
|
LogPrint (eLogError, "LeaseSet: identity length ", size, " exceeds buffer size ", sz);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
// encryption key
|
||||||
|
size += 256;
|
||||||
|
// signing key (unused)
|
||||||
|
size += ident.GetSigningPublicKeyLen ();
|
||||||
|
uint8_t numLeases = ptr[size];
|
||||||
|
++size;
|
||||||
|
if (!numLeases || numLeases > MAX_NUM_LEASES)
|
||||||
|
{
|
||||||
|
LogPrint (eLogError, "LeaseSet: incorrect number of leases", (int)numLeases);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
const uint8_t * leases = ptr + size;
|
||||||
|
expires = 0;
|
||||||
|
/** find lease with the max expiration timestamp */
|
||||||
|
for (int i = 0; i < numLeases; i++)
|
||||||
|
{
|
||||||
|
leases += 36; // gateway + tunnel ID
|
||||||
|
uint64_t endDate = bufbe64toh (leases);
|
||||||
|
leases += 8; // end date
|
||||||
|
if(endDate > expires)
|
||||||
|
expires = endDate;
|
||||||
|
}
|
||||||
|
return ident.Verify(ptr, leases - ptr, leases);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -95,6 +95,12 @@ namespace data
|
|||||||
size_t m_BufferLen;
|
size_t m_BufferLen;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
validate lease set buffer signature and extract expiration timestamp
|
||||||
|
@returns true if the leaseset is well formed and signature is valid
|
||||||
|
*/
|
||||||
|
bool LeaseSetBufferValidate(const uint8_t * ptr, size_t sz, uint64_t & expires);
|
||||||
|
|
||||||
class LocalLeaseSet
|
class LocalLeaseSet
|
||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
|
|||||||
@ -237,22 +237,20 @@ namespace data
|
|||||||
auto it = m_LeaseSets.find(ident);
|
auto it = m_LeaseSets.find(ident);
|
||||||
if (it != m_LeaseSets.end ())
|
if (it != m_LeaseSets.end ())
|
||||||
{
|
{
|
||||||
if (it->second->IsNewer (buf, len))
|
uint64_t expires;
|
||||||
|
if(LeaseSetBufferValidate(buf, len, expires))
|
||||||
{
|
{
|
||||||
it->second->Update (buf, len);
|
if(it->second->GetExpirationTime() < expires)
|
||||||
if (it->second->IsValid ())
|
|
||||||
{
|
{
|
||||||
|
it->second->Update (buf, len);
|
||||||
LogPrint (eLogInfo, "NetDb: LeaseSet updated: ", ident.ToBase32());
|
LogPrint (eLogInfo, "NetDb: LeaseSet updated: ", ident.ToBase32());
|
||||||
updated = true;
|
updated = true;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
LogPrint(eLogDebug, "NetDb: LeaseSet is older: ", ident.ToBase32());
|
||||||
LogPrint (eLogWarning, "NetDb: LeaseSet update failed: ", ident.ToBase32());
|
|
||||||
m_LeaseSets.erase (it);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
LogPrint (eLogDebug, "NetDb: LeaseSet is older: ", ident.ToBase32());
|
LogPrint(eLogError, "NetDb: LeaseSet is invalid: ", ident.ToBase32());
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user