dark/zerotiertspu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add rate limit on receive of DIRECT_PATH_PUSH to prevent DOS exploitation.

Browse source
This commit is contained in:
Adam Ierymenko 2015-10-16 10:28:09 -07:00
parent 2229e91b57
commit 5ce3aac929
4 changed files with 39 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

32
node/Peer.hpp
View file

@ -408,6 +408,16 @@ public:
*/
bool needsOurNetworkMembershipCertificate(uint64_t nwid,uint64_t now,bool updateLastPushedTime);
/**
* @return Time last direct path push was received
*/
inline uint64_t lastDirectPathPushReceived() const throw() { return _lastDirectPathPushReceived; }
/**
* @param t New time of last direct path push received
*/
inline void setLastDirectPathPushReceived(uint64_t t) throw() { _lastDirectPathPushReceived = t; }
/**
* Perform periodic cleaning operations
*/
@ -438,10 +448,10 @@ public:
{
Mutex::Lock _l(_lock);
const unsigned int atPos = b.size();
const unsigned int recSizePos = b.size();
b.addSize(4); // space for uint32_t field length
b.append((uint32_t)1); // version of serialized Peer data
b.append((uint16_t)1); // version of serialized Peer data
_id.serialize(b,false);
@ -451,7 +461,8 @@ public:
b.append((uint64_t)_lastMulticastFrame);
b.append((uint64_t)_lastAnnouncedTo);
b.append((uint64_t)_lastPathConfirmationSent);
b.append((uint64_t)_lastDirectPathPush);
b.append((uint64_t)_lastDirectPathPushSent);
b.append((uint64_t)_lastDirectPathPushReceived);
b.append((uint64_t)_lastPathSort);
b.append((uint16_t)_vProto);
b.append((uint16_t)_vMajor);
@ -486,7 +497,7 @@ public:
}
}
b.setAt(atPos,(uint32_t)(b.size() - atPos)); // set size
b.setAt(recSizePos,(uint32_t)((b.size() - 4) - recSizePos)); // set size
}
/**
@ -500,13 +511,12 @@ public:
template<unsigned int C>
static inline SharedPtr<Peer> deserializeNew(const Identity &myIdentity,const Buffer<C> &b,unsigned int &p)
{
const uint32_t recSize = b.template at<uint32_t>(p);
const uint32_t recSize = b.template at<uint32_t>(p); p += 4;
if ((p + recSize) > b.size())
return SharedPtr<Peer>(); // size invalid
p += 4;
if (b.template at<uint32_t>(p) != 1)
if (b.template at<uint16_t>(p) != 1)
return SharedPtr<Peer>(); // version mismatch
p += 4;
p += 2;
Identity npid;
p += npid.deserialize(b,p);
@ -521,7 +531,8 @@ public:
np->_lastMulticastFrame = b.template at<uint64_t>(p); p += 8;
np->_lastAnnouncedTo = b.template at<uint64_t>(p); p += 8;
np->_lastPathConfirmationSent = b.template at<uint64_t>(p); p += 8;
np->_lastDirectPathPush = b.template at<uint64_t>(p); p += 8;
np->_lastDirectPathPushSent = b.template at<uint64_t>(p); p += 8;
np->_lastDirectPathPushReceived = b.template at<uint64_t>(p); p += 8;
np->_lastPathSort = b.template at<uint64_t>(p); p += 8;
np->_vProto = b.template at<uint16_t>(p); p += 2;
np->_vMajor = b.template at<uint16_t>(p); p += 2;
@ -570,7 +581,8 @@ private:
uint64_t _lastMulticastFrame;
uint64_t _lastAnnouncedTo;
uint64_t _lastPathConfirmationSent;
uint64_t _lastDirectPathPush;
uint64_t _lastDirectPathPushSent;
uint64_t _lastDirectPathPushReceived;
uint64_t _lastPathSort;
uint16_t _vProto;
uint16_t _vMajor;