mirror of
https://github.com/monero-project/monero.git
synced 2025-01-25 12:05:58 +00:00
p2p: fix integer overflow in host bans
This commit is contained in:
parent
9c77dbf376
commit
5858598604
2 changed files with 25 additions and 13 deletions
|
@ -176,8 +176,15 @@ namespace nodetool
|
||||||
if(!addr.is_blockable())
|
if(!addr.is_blockable())
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
const time_t now = time(nullptr);
|
||||||
|
|
||||||
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
|
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
|
||||||
m_blocked_hosts[addr.host_str()] = time(nullptr) + seconds;
|
time_t limit;
|
||||||
|
if (now > std::numeric_limits<time_t>::max() - seconds)
|
||||||
|
limit = std::numeric_limits<time_t>::max();
|
||||||
|
else
|
||||||
|
limit = now + seconds;
|
||||||
|
m_blocked_hosts[addr.host_str()] = limit;
|
||||||
|
|
||||||
// drop any connection to that address. This should only have to look into
|
// drop any connection to that address. This should only have to look into
|
||||||
// the zone related to the connection, but really make sure everything is
|
// the zone related to the connection, but really make sure everything is
|
||||||
|
|
|
@ -93,18 +93,7 @@ typedef nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<test_cor
|
||||||
|
|
||||||
static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
|
static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
|
||||||
{
|
{
|
||||||
const std::string host = address.host_str();
|
return server.is_host_blocked(address.host_str(), t);
|
||||||
std::map<std::string, time_t> hosts = server.get_blocked_hosts();
|
|
||||||
for (auto rec: hosts)
|
|
||||||
{
|
|
||||||
if (rec.first == host)
|
|
||||||
{
|
|
||||||
if (t)
|
|
||||||
*t = rec.second;
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST(ban, add)
|
TEST(ban, add)
|
||||||
|
@ -192,5 +181,21 @@ TEST(ban, add)
|
||||||
ASSERT_TRUE(t >= 4);
|
ASSERT_TRUE(t >= 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TEST(ban, limit)
|
||||||
|
{
|
||||||
|
test_core pr_core;
|
||||||
|
cryptonote::t_cryptonote_protocol_handler<test_core> cprotocol(pr_core, NULL);
|
||||||
|
Server server(cprotocol);
|
||||||
|
cprotocol.set_p2p_endpoint(&server);
|
||||||
|
|
||||||
|
// starts empty
|
||||||
|
ASSERT_TRUE(server.get_blocked_hosts().empty());
|
||||||
|
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
|
||||||
|
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), std::numeric_limits<time_t>::max() - 1));
|
||||||
|
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
|
||||||
|
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1));
|
||||||
|
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
|
||||||
|
}
|
||||||
|
|
||||||
namespace nodetool { template class node_server<cryptonote::t_cryptonote_protocol_handler<test_core>>; }
|
namespace nodetool { template class node_server<cryptonote::t_cryptonote_protocol_handler<test_core>>; }
|
||||||
namespace cryptonote { template class t_cryptonote_protocol_handler<test_core>; }
|
namespace cryptonote { template class t_cryptonote_protocol_handler<test_core>; }
|
||||||
|
|
Loading…
Reference in a new issue