p2p: fix integer overflow in host bans

moneromooo-monero 2019-04-11 21:57:51 +00:00
parent 9c77dbf376
commit 5858598604
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3
2 changed files with 25 additions and 13 deletions


@ -176,8 +176,15 @@ namespace nodetool
if(!addr.is_blockable()) if(!addr.is_blockable())
return false; return false;
const time_t now = time(nullptr);
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
m_blocked_hosts[addr.host_str()] = time(nullptr) + seconds; time_t limit;
if (now > std::numeric_limits<time_t>::max() - seconds)
limit = std::numeric_limits<time_t>::max();
else
limit = now + seconds;
m_blocked_hosts[addr.host_str()] = limit;
// drop any connection to that address. This should only have to look into // drop any connection to that address. This should only have to look into
// the zone related to the connection, but really make sure everything is // the zone related to the connection, but really make sure everything is
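Review bot: The new guard `now > std::numeric_limits<time_t>::max() - seconds` only covers the upper bound: if `seconds` is a signed type (the new test passes a `time_t` value, and `time_t` is signed on common platforms) and a caller passes a negative duration, the subtraction itself overflows, which is undefined behaviour. Restricting the saturation check to positive durations avoids that without changing the other cases, `if (seconds > 0 && now > std::numeric_limits<time_t>::max() - seconds)`; alternatively negative durations could be rejected up front if a ban ending in the past is never intended. The declaration of `seconds` and the rest of the function lie outside this hunk, so the parameter type should be confirmed there. A short comment above the `if`, such as `// saturate instead of wrapping so a very large duration cannot produce an expiry in the past`, would record why the limit is clamped.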


@ -93,18 +93,7 @@ typedef nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<test_cor
static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL) static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
{ {
const std::string host = address.host_str(); return server.is_host_blocked(address.host_str(), t);
std::map<std::string, time_t> hosts = server.get_blocked_hosts();
for (auto rec: hosts)
{
if (rec.first == host)
{
if (t)
*t = rec.second;
return true;
}
}
return false;
} }
TEST(ban, add) TEST(ban, add)
@ -192,5 +181,21 @@ TEST(ban, add)
ASSERT_TRUE(t >= 4); ASSERT_TRUE(t >= 4);
} }
TEST(ban, limit)
{
test_core pr_core;
cryptonote::t_cryptonote_protocol_handler<test_core> cprotocol(pr_core, NULL);
Server server(cprotocol);
cprotocol.set_p2p_endpoint(&server);
// starts empty
ASSERT_TRUE(server.get_blocked_hosts().empty());
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), std::numeric_limits<time_t>::max() - 1));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1));
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
}
namespace nodetool { template class node_server<cryptonote::t_cryptonote_protocol_handler<test_core>>; } namespace nodetool { template class node_server<cryptonote::t_cryptonote_protocol_handler<test_core>>; }
namespace cryptonote { template class t_cryptonote_protocol_handler<test_core>; } namespace cryptonote { template class t_cryptonote_protocol_handler<test_core>; }
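Review bot: `TEST(ban, limit)` only asserts that the host is reported as blocked after each `block_host` call; it never inspects the expiry that was stored, so a regression that clamps to a wrong but still "blocked" value would pass. The `is_blocked` helper already accepts a `time_t *t` out-parameter, so after the first `block_host` call the test could check it, e.g. `time_t t = 0; ASSERT_TRUE(is_blocked(server, MAKE_IPV4_ADDRESS(1,2,3,4), &t)); ASSERT_TRUE(t > 0);`. What `is_host_blocked` writes through `t` is not visible on this page (the existing `ASSERT_TRUE(t >= 4)` suggests remaining seconds), so the exact bound should be chosen against its definition.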