echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

NetDB: Check signature in verify

Browse Source 
Remove null checks, _target can't be null
This commit is contained in:
zzz
2020-06-28 14:56:08 +00:00
parent aadc9a13aa
commit 365b9053ec
2 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
core/java/src/net/i2p/data/DatabaseEntry.java
View File

@ -231,8 +231,9 @@ public abstract class DatabaseEntry extends DataStructureImpl {
* This is the same as isValid() in RouterInfo * This is the same as isValid() in RouterInfo
* or verifySignature() in LeaseSet. * or verifySignature() in LeaseSet.
* @return valid * @return valid
* @since public since 0.9.47, was protected
*/ */
protected boolean verifySignature() { public boolean verifySignature() {
if (_signature == null) if (_signature == null)
return false; return false;
byte data[]; byte data[];

16
router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
View File

@ -35,7 +35,7 @@ import net.i2p.util.Log;
class FloodfillVerifyStoreJob extends JobImpl { class FloodfillVerifyStoreJob extends JobImpl {
private final Log _log; private final Log _log;
private final Hash _key, _client; private final Hash _key, _client;
private Hash _target; private volatile Hash _target;
private final Hash _sentTo; private final Hash _sentTo;
private final FloodfillNetworkDatabaseFacade _facade; private final FloodfillNetworkDatabaseFacade _facade;
private long _expiration; private long _expiration;
@ -329,6 +329,15 @@ class FloodfillVerifyStoreJob extends JobImpl {
// Verify it's as recent as the one we sent // Verify it's as recent as the one we sent
DatabaseStoreMessage dsm = (DatabaseStoreMessage)_message; DatabaseStoreMessage dsm = (DatabaseStoreMessage)_message;
DatabaseEntry entry = dsm.getEntry(); DatabaseEntry entry = dsm.getEntry();
if (!entry.verifySignature()) {
if (_log.shouldWarn())
_log.warn(getJobId() + ": Sent bad data for verify: " + _target);
pm.dbLookupFailed(_target);
ctx.banlist().banlistRouterForever(_target, "Sent bad netdb data");
ctx.statManager().addRateData("netDb.floodfillVerifyFail", delay);
resend();
return;
}
long newDate; long newDate;
boolean success; boolean success;
if (_isLS2 && if (_isLS2 &&
@ -376,7 +385,7 @@ class FloodfillVerifyStoreJob extends JobImpl {
// but we have to use one of them to affect the FloodfillPeerSelector ordering. // but we have to use one of them to affect the FloodfillPeerSelector ordering.
// If we don't do this we get stuck using the same verify peer every time even // If we don't do this we get stuck using the same verify peer every time even
// though it is the real problem. // though it is the real problem.
if (_target != null && !_target.equals(_sentTo)) if (!_target.equals(_sentTo))
pm.dbLookupFailed(_target); pm.dbLookupFailed(_target);
ctx.statManager().addRateData("netDb.floodfillVerifyFail", delay); ctx.statManager().addRateData("netDb.floodfillVerifyFail", delay);
resend(); resend();
@ -416,8 +425,7 @@ class FloodfillVerifyStoreJob extends JobImpl {
Set<Hash> toSkip = new HashSet<Hash>(2); Set<Hash> toSkip = new HashSet<Hash>(2);
if (_sentTo != null) if (_sentTo != null)
toSkip.add(_sentTo); toSkip.add(_sentTo);
if (_target != null) toSkip.add(_target);
toSkip.add(_target);
if (_log.shouldWarn()) if (_log.shouldWarn())
_log.warn(getJobId() + ": Verify failed, starting new store for: " + _key); _log.warn(getJobId() + ": Verify failed, starting new store for: " + _key);
_facade.sendStore(_key, ds, null, null, FloodfillNetworkDatabaseFacade.PUBLISH_TIMEOUT, toSkip); _facade.sendStore(_key, ds, null, null, FloodfillNetworkDatabaseFacade.PUBLISH_TIMEOUT, toSkip);