diff options
author | Christian Grothoff <grothoff@gnunet.org> | 2022-03-12 05:20:03 +0100 |
---|---|---|
committer | Christian Grothoff <grothoff@gnunet.org> | 2022-03-12 05:20:03 +0100 |
commit | 3ecdd45a715c745fa3fd73bb67b808425e907b75 (patch) | |
tree | 5ec364401144fdf3c915128cffd56f9a6f003a60 | |
parent | f818a3feb7b354ad1dd2bc7abd903d710cc83f11 (diff) | |
download | gnunet-3ecdd45a715c745fa3fd73bb67b808425e907b75.tar.gz gnunet-3ecdd45a715c745fa3fd73bb67b808425e907b75.zip |
truncate paths if sigs are bad instead of just discarding the message
-rw-r--r-- | src/dht/gnunet-service-dht_neighbours.c | 167 |
1 files changed, 70 insertions, 97 deletions
diff --git a/src/dht/gnunet-service-dht_neighbours.c b/src/dht/gnunet-service-dht_neighbours.c index 7e570d4f5..9d27d6a88 100644 --- a/src/dht/gnunet-service-dht_neighbours.c +++ b/src/dht/gnunet-service-dht_neighbours.c | |||
@@ -1682,8 +1682,6 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi, | |||
1682 | } | 1682 | } |
1683 | } | 1683 | } |
1684 | #endif | 1684 | #endif |
1685 | |||
1686 | |||
1687 | do_send (pi, | 1685 | do_send (pi, |
1688 | &prm->header); | 1686 | &prm->header); |
1689 | } | 1687 | } |
@@ -1702,24 +1700,10 @@ static enum GNUNET_GenericReturnValue | |||
1702 | check_dht_p2p_put (void *cls, | 1700 | check_dht_p2p_put (void *cls, |
1703 | const struct PeerPutMessage *put) | 1701 | const struct PeerPutMessage *put) |
1704 | { | 1702 | { |
1705 | struct Target *t = cls; | ||
1706 | struct PeerInfo *peer = t->pi; | ||
1707 | enum GNUNET_DHT_RouteOption options | ||
1708 | = (enum GNUNET_DHT_RouteOption) ntohs (put->options); | ||
1709 | const struct GNUNET_DHT_PathElement *put_path | ||
1710 | = (const struct GNUNET_DHT_PathElement *) &put[1]; | ||
1711 | uint16_t msize = ntohs (put->header.size); | 1703 | uint16_t msize = ntohs (put->header.size); |
1712 | uint16_t putlen = ntohs (put->put_path_length); | 1704 | uint16_t putlen = ntohs (put->put_path_length); |
1713 | struct GDS_DATACACHE_BlockData bd = { | ||
1714 | .key = put->key, | ||
1715 | .expiration_time = GNUNET_TIME_absolute_ntoh (put->expiration_time), | ||
1716 | .type = ntohl (put->type), | ||
1717 | .data_size = msize - (sizeof(*put) | ||
1718 | + putlen * sizeof(struct GNUNET_DHT_PathElement)), | ||
1719 | .data = &put_path[putlen] | ||
1720 | }; | ||
1721 | struct GNUNET_DHT_PathElement pp[putlen + 1]; | ||
1722 | 1705 | ||
1706 | (void) cls; | ||
1723 | if ( (msize < | 1707 | if ( (msize < |
1724 | sizeof(struct PeerPutMessage) | 1708 | sizeof(struct PeerPutMessage) |
1725 | + putlen * sizeof(struct GNUNET_DHT_PathElement)) || | 1709 | + putlen * sizeof(struct GNUNET_DHT_PathElement)) || |
@@ -1729,52 +1713,6 @@ check_dht_p2p_put (void *cls, | |||
1729 | GNUNET_break_op (0); | 1713 | GNUNET_break_op (0); |
1730 | return GNUNET_SYSERR; | 1714 | return GNUNET_SYSERR; |
1731 | } | 1715 | } |
1732 | |||
1733 | GNUNET_memcpy (pp, | ||
1734 | put_path, | ||
1735 | putlen * sizeof(struct GNUNET_DHT_PathElement)); | ||
1736 | pp[putlen].pred = peer->id; | ||
1737 | /* zero-out signature, not valid until we actually do forward! */ | ||
1738 | memset (&pp[putlen].sig, | ||
1739 | 0, | ||
1740 | sizeof (pp[putlen].sig)); | ||
1741 | #if SANITY_CHECKS | ||
1742 | /* extend 'put path' by sender */ | ||
1743 | if (0 != (options & GNUNET_DHT_RO_RECORD_ROUTE)) | ||
1744 | { | ||
1745 | for (unsigned int i = 0; i <= putlen; i++) | ||
1746 | { | ||
1747 | for (unsigned int j = 0; j < i; j++) | ||
1748 | { | ||
1749 | GNUNET_break (0 != | ||
1750 | GNUNET_memcmp (&pp[i].pred, | ||
1751 | &pp[j].pred)); | ||
1752 | } | ||
1753 | if (i < putlen) | ||
1754 | GNUNET_break (0 != | ||
1755 | GNUNET_memcmp (&pp[i].pred, | ||
1756 | &peer->id)); | ||
1757 | } | ||
1758 | if (0 != | ||
1759 | GNUNET_DHT_verify_path (bd.data, | ||
1760 | bd.data_size, | ||
1761 | bd.expiration_time, | ||
1762 | pp, | ||
1763 | putlen + 1, | ||
1764 | NULL, 0, /* get_path */ | ||
1765 | &GDS_my_identity)) | ||
1766 | { | ||
1767 | GNUNET_break_op (0); | ||
1768 | return GNUNET_SYSERR; | ||
1769 | } | ||
1770 | } | ||
1771 | else if (0 != putlen) | ||
1772 | { | ||
1773 | GNUNET_break_op (0); | ||
1774 | return GNUNET_SYSERR; | ||
1775 | } | ||
1776 | #endif | ||
1777 | |||
1778 | return GNUNET_OK; | 1716 | return GNUNET_OK; |
1779 | } | 1717 | } |
1780 | 1718 | ||
@@ -1830,7 +1768,47 @@ handle_dht_p2p_put (void *cls, | |||
1830 | GNUNET_break_op (0); | 1768 | GNUNET_break_op (0); |
1831 | return; | 1769 | return; |
1832 | } | 1770 | } |
1771 | { | ||
1772 | #if SANITY_CHECKS | ||
1773 | struct GNUNET_DHT_PathElement pp[putlen + 1]; | ||
1833 | 1774 | ||
1775 | GNUNET_memcpy (pp, | ||
1776 | put_path, | ||
1777 | putlen * sizeof(struct GNUNET_DHT_PathElement)); | ||
1778 | pp[putlen].pred = peer->id; | ||
1779 | /* zero-out signature, not valid until we actually do forward! */ | ||
1780 | memset (&pp[putlen].sig, | ||
1781 | 0, | ||
1782 | sizeof (pp[putlen].sig)); | ||
1783 | for (unsigned int i = 0; i <= putlen; i++) | ||
1784 | { | ||
1785 | for (unsigned int j = 0; j < i; j++) | ||
1786 | { | ||
1787 | GNUNET_break (0 != | ||
1788 | GNUNET_memcmp (&pp[i].pred, | ||
1789 | &pp[j].pred)); | ||
1790 | } | ||
1791 | if (i < putlen) | ||
1792 | GNUNET_break (0 != | ||
1793 | GNUNET_memcmp (&pp[i].pred, | ||
1794 | &peer->id)); | ||
1795 | } | ||
1796 | if (0 != | ||
1797 | GNUNET_DHT_verify_path (bd.data, | ||
1798 | bd.data_size, | ||
1799 | bd.expiration_time, | ||
1800 | pp, | ||
1801 | putlen + 1, | ||
1802 | NULL, 0, /* get_path */ | ||
1803 | &GDS_my_identity)) | ||
1804 | { | ||
1805 | GNUNET_break_op (0); | ||
1806 | putlen = 0; | ||
1807 | } | ||
1808 | #endif | ||
1809 | } | ||
1810 | if (0 == (options & GNUNET_DHT_RO_RECORD_ROUTE)) | ||
1811 | putlen = 0; | ||
1834 | GNUNET_STATISTICS_update (GDS_stats, | 1812 | GNUNET_STATISTICS_update (GDS_stats, |
1835 | "# P2P PUT requests received", | 1813 | "# P2P PUT requests received", |
1836 | 1, | 1814 | 1, |
@@ -2315,17 +2293,11 @@ static enum GNUNET_GenericReturnValue | |||
2315 | check_dht_p2p_result (void *cls, | 2293 | check_dht_p2p_result (void *cls, |
2316 | const struct PeerResultMessage *prm) | 2294 | const struct PeerResultMessage *prm) |
2317 | { | 2295 | { |
2318 | struct Target *t = cls; | ||
2319 | struct PeerInfo *peer = t->pi; | ||
2320 | uint16_t get_path_length = ntohs (prm->get_path_length); | 2296 | uint16_t get_path_length = ntohs (prm->get_path_length); |
2321 | uint16_t put_path_length = ntohs (prm->put_path_length); | 2297 | uint16_t put_path_length = ntohs (prm->put_path_length); |
2322 | uint16_t msize = ntohs (prm->header.size); | 2298 | uint16_t msize = ntohs (prm->header.size); |
2323 | const struct GNUNET_DHT_PathElement *pp | ||
2324 | = (const struct GNUNET_DHT_PathElement *) &prm[1]; | ||
2325 | const struct GNUNET_DHT_PathElement *gp | ||
2326 | = &pp[put_path_length]; | ||
2327 | struct GNUNET_DHT_PathElement gpx[get_path_length + 1]; | ||
2328 | 2299 | ||
2300 | (void) cls; | ||
2329 | if ( (msize < | 2301 | if ( (msize < |
2330 | sizeof(struct PeerResultMessage) | 2302 | sizeof(struct PeerResultMessage) |
2331 | + (get_path_length + put_path_length) | 2303 | + (get_path_length + put_path_length) |
@@ -2338,33 +2310,6 @@ check_dht_p2p_result (void *cls, | |||
2338 | GNUNET_break_op (0); | 2310 | GNUNET_break_op (0); |
2339 | return GNUNET_SYSERR; | 2311 | return GNUNET_SYSERR; |
2340 | } | 2312 | } |
2341 | |||
2342 | #if SANITY_CHECKS | ||
2343 | memcpy (gpx, | ||
2344 | gp, | ||
2345 | get_path_length | ||
2346 | * sizeof (struct GNUNET_DHT_PathElement)); | ||
2347 | gpx[get_path_length].pred = peer->id; | ||
2348 | memset (&gpx[get_path_length].sig, | ||
2349 | 0, | ||
2350 | sizeof (gpx[get_path_length].sig)); | ||
2351 | if (0 != | ||
2352 | GNUNET_DHT_verify_path (&gp[get_path_length], | ||
2353 | msize - (sizeof(struct PeerResultMessage) | ||
2354 | + (get_path_length + put_path_length) | ||
2355 | * sizeof(struct GNUNET_DHT_PathElement)), | ||
2356 | GNUNET_TIME_absolute_ntoh (prm->expiration_time), | ||
2357 | pp, | ||
2358 | put_path_length, | ||
2359 | gpx, | ||
2360 | get_path_length + 1, | ||
2361 | &GDS_my_identity)) | ||
2362 | { | ||
2363 | GNUNET_break_op (0); | ||
2364 | return GNUNET_SYSERR; | ||
2365 | } | ||
2366 | #endif | ||
2367 | |||
2368 | return GNUNET_OK; | 2313 | return GNUNET_OK; |
2369 | } | 2314 | } |
2370 | 2315 | ||
@@ -2473,6 +2418,34 @@ handle_dht_p2p_result (void *cls, | |||
2473 | GNUNET_break_op (0); | 2418 | GNUNET_break_op (0); |
2474 | return; | 2419 | return; |
2475 | } | 2420 | } |
2421 | { | ||
2422 | #if SANITY_CHECKS | ||
2423 | struct GNUNET_DHT_PathElement gpx[get_path_length + 1]; | ||
2424 | |||
2425 | memcpy (gpx, | ||
2426 | get_path, | ||
2427 | get_path_length | ||
2428 | * sizeof (struct GNUNET_DHT_PathElement)); | ||
2429 | gpx[get_path_length].pred = peer->id; | ||
2430 | memset (&gpx[get_path_length].sig, | ||
2431 | 0, | ||
2432 | sizeof (gpx[get_path_length].sig)); | ||
2433 | if (0 != | ||
2434 | GNUNET_DHT_verify_path (bd.data, | ||
2435 | bd.data_size, | ||
2436 | bd.expiration_time, | ||
2437 | bd.put_path, | ||
2438 | bd.put_path_length, | ||
2439 | gpx, | ||
2440 | get_path_length + 1, | ||
2441 | &GDS_my_identity)) | ||
2442 | { | ||
2443 | GNUNET_break_op (0); | ||
2444 | get_path_length = 0; | ||
2445 | bd.put_path_length = 0; | ||
2446 | } | ||
2447 | #endif | ||
2448 | } | ||
2476 | GNUNET_STATISTICS_update (GDS_stats, | 2449 | GNUNET_STATISTICS_update (GDS_stats, |
2477 | "# P2P RESULTS received", | 2450 | "# P2P RESULTS received", |
2478 | 1, | 2451 | 1, |