p2p: sanitize peer lists
Also remove the delta time fixup, since we now ignore those as they're attacker controlled
parent
c9df9d683a
commit
e353e3d757
|
@ -349,8 +349,7 @@ namespace nodetool
|
||||||
bool get_local_node_data(basic_node_data& node_data, const network_zone& zone);
|
bool get_local_node_data(basic_node_data& node_data, const network_zone& zone);
|
||||||
//bool get_local_handshake_data(handshake_data& hshd);
|
//bool get_local_handshake_data(handshake_data& hshd);
|
||||||
|
|
||||||
bool merge_peerlist_with_local(const std::vector<peerlist_entry>& bs);
|
bool sanitize_peerlist(std::vector<peerlist_entry>& local_peerlist);
|
||||||
bool fix_time_delta(std::vector<peerlist_entry>& local_peerlist, time_t local_time, int64_t& delta);
|
|
||||||
|
|
||||||
bool connections_maker();
|
bool connections_maker();
|
||||||
bool peer_sync_idle_maker();
|
bool peer_sync_idle_maker();
|
||||||
|
|
|
@ -1815,21 +1815,32 @@ namespace nodetool
|
||||||
}
|
}
|
||||||
//-----------------------------------------------------------------------------------
|
//-----------------------------------------------------------------------------------
|
||||||
template<class t_payload_net_handler>
|
template<class t_payload_net_handler>
|
||||||
bool node_server<t_payload_net_handler>::fix_time_delta(std::vector<peerlist_entry>& local_peerlist, time_t local_time, int64_t& delta)
|
bool node_server<t_payload_net_handler>::sanitize_peerlist(std::vector<peerlist_entry>& local_peerlist)
|
||||||
{
|
{
|
||||||
//fix time delta
|
for (size_t i = 0; i < local_peerlist.size(); ++i)
|
||||||
time_t now = 0;
|
|
||||||
time(&now);
|
|
||||||
delta = now - local_time;
|
|
||||||
|
|
||||||
for(peerlist_entry& be: local_peerlist)
|
|
||||||
{
|
{
|
||||||
if(be.last_seen > local_time)
|
bool ignore = false;
|
||||||
|
peerlist_entry &be = local_peerlist[i];
|
||||||
|
epee::net_utils::network_address &na = be.adr;
|
||||||
|
if (na.is_loopback() || na.is_local())
|
||||||
{
|
{
|
||||||
MWARNING("FOUND FUTURE peerlist for entry " << be.adr.str() << " last_seen: " << be.last_seen << ", local_time(on remote node):" << local_time);
|
ignore = true;
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
be.last_seen += delta;
|
else if (be.adr.get_type_id() == epee::net_utils::ipv4_network_address::get_type_id())
|
||||||
|
{
|
||||||
|
const epee::net_utils::ipv4_network_address &ipv4 = na.as<const epee::net_utils::ipv4_network_address>();
|
||||||
|
if (ipv4.ip() == 0)
|
||||||
|
ignore = true;
|
||||||
|
}
|
||||||
|
if (ignore)
|
||||||
|
{
|
||||||
|
MDEBUG("Ignoring " << be.adr.str());
|
||||||
|
std::swap(local_peerlist[i], local_peerlist[local_peerlist.size() - 1]);
|
||||||
|
local_peerlist.resize(local_peerlist.size() - 1);
|
||||||
|
--i;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef CRYPTONOTE_PRUNING_DEBUG_SPOOF_SEED
|
#ifdef CRYPTONOTE_PRUNING_DEBUG_SPOOF_SEED
|
||||||
be.pruning_seed = tools::make_pruning_seed(1 + (be.adr.as<epee::net_utils::ipv4_network_address>().ip()) % (1ul << CRYPTONOTE_PRUNING_LOG_STRIPES), CRYPTONOTE_PRUNING_LOG_STRIPES);
|
be.pruning_seed = tools::make_pruning_seed(1 + (be.adr.as<epee::net_utils::ipv4_network_address>().ip()) % (1ul << CRYPTONOTE_PRUNING_LOG_STRIPES), CRYPTONOTE_PRUNING_LOG_STRIPES);
|
||||||
#endif
|
#endif
|
||||||
|
@ -1840,9 +1851,8 @@ namespace nodetool
|
||||||
template<class t_payload_net_handler>
|
template<class t_payload_net_handler>
|
||||||
bool node_server<t_payload_net_handler>::handle_remote_peerlist(const std::vector<peerlist_entry>& peerlist, time_t local_time, const epee::net_utils::connection_context_base& context)
|
bool node_server<t_payload_net_handler>::handle_remote_peerlist(const std::vector<peerlist_entry>& peerlist, time_t local_time, const epee::net_utils::connection_context_base& context)
|
||||||
{
|
{
|
||||||
int64_t delta = 0;
|
|
||||||
std::vector<peerlist_entry> peerlist_ = peerlist;
|
std::vector<peerlist_entry> peerlist_ = peerlist;
|
||||||
if(!fix_time_delta(peerlist_, local_time, delta))
|
if(!sanitize_peerlist(peerlist_))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
const epee::net_utils::zone zone = context.m_remote_address.get_zone();
|
const epee::net_utils::zone zone = context.m_remote_address.get_zone();
|
||||||
|
@ -1855,8 +1865,8 @@ namespace nodetool
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
LOG_DEBUG_CC(context, "REMOTE PEERLIST: TIME_DELTA: " << delta << ", remote peerlist size=" << peerlist_.size());
|
LOG_DEBUG_CC(context, "REMOTE PEERLIST: remote peerlist size=" << peerlist_.size());
|
||||||
LOG_DEBUG_CC(context, "REMOTE PEERLIST: " << print_peerlist_to_string(peerlist_));
|
LOG_DEBUG_CC(context, "REMOTE PEERLIST: " << ENDL << print_peerlist_to_string(peerlist_));
|
||||||
return m_network_zones.at(context.m_remote_address.get_zone()).m_peerlist.merge_peerlist(peerlist_);
|
return m_network_zones.at(context.m_remote_address.get_zone()).m_peerlist.merge_peerlist(peerlist_);
|
||||||
}
|
}
|
||||||
//-----------------------------------------------------------------------------------
|
//-----------------------------------------------------------------------------------
|
||||||
|
|
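Review bot: In `sanitize_peerlist`, entries that survive the filter keep the `last_seen` value sent by the remote peer, and with `fix_time_delta` removed the old `be.last_seen > local_time` rejection is gone as well. The commit message says these timestamps are now ignored as attacker controlled, but nothing in the visible hunks enforces that before `merge_peerlist(peerlist_)` is called. Unless the merge path discards the field (not shown here), I would clear it right after the `if (ignore)` block with `be.last_seen = 0;`. Separately, the `--i` at index 0 relies on unsigned wraparound being undone by the loop's `++i`; that is well defined, but it deserves a comment such as `// re-examine the element swapped into slot i`. The function's tail and return value lie outside the hunk.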