Git-Mirrors/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2024-10-01 11:49:47 -04:00
Code Issues Packages Projects Releases Wiki Activity

p2p: fix integer overflow in host bans

Browse Source
This commit is contained in:
moneromooo-monero 2019-04-11 21:57:51 +00:00
parent 9c77dbf376
commit 5858598604
No known key found for this signature in database
GPG Key ID: 686F07454D6CEFC3
2 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/p2p/net_node.inl
View File

@ -176,8 +176,15 @@ namespace nodetool
if(!addr.is_blockable())
return false;
const time_t now = time(nullptr);
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
m_blocked_hosts[addr.host_str()] = time(nullptr) + seconds;
time_t limit;
if (now > std::numeric_limits<time_t>::max() - seconds)
limit = std::numeric_limits<time_t>::max();
else
limit = now + seconds;
m_blocked_hosts[addr.host_str()] = limit;
// drop any connection to that address. This should only have to look into
// the zone related to the connection, but really make sure everything is

29
tests/unit_tests/ban.cpp
View File

@ -93,18 +93,7 @@ typedef nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<test_cor
static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
{
const std::string host = address.host_str();
std::map<std::string, time_t> hosts = server.get_blocked_hosts();
for (auto rec: hosts)
{
if (rec.first == host)
{
if (t)
*t = rec.second;
return true;
}
}
return false;
return server.is_host_blocked(address.host_str(), t);
}
TEST(ban, add)
@ -192,5 +181,21 @@ TEST(ban, add)
ASSERT_TRUE(t >= 4);
}
TEST(ban, limit)
{
test_core pr_core;
cryptonote::t_cryptonote_protocol_handler<test_core> cprotocol(pr_core, NULL);
Server server(cprotocol);
cprotocol.set_p2p_endpoint(&server);
// starts empty
ASSERT_TRUE(server.get_blocked_hosts().empty());
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), std::numeric_limits<time_t>::max() - 1));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
}
namespace nodetool { template class node_server<cryptonote::t_cryptonote_protocol_handler<test_core>>; }
namespace cryptonote { template class t_cryptonote_protocol_handler<test_core>; }