echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Router: Validate tunnel ID in requests

Browse Source 
Fix max ID
This commit is contained in:
zzz
2018-03-07 18:06:46 +00:00
parent ceac733b66
commit 7433eeb5c0
5 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/java/src/net/i2p/data/TunnelId.java
View File

@ -27,7 +27,7 @@ import java.io.OutputStream;
public class TunnelId extends DataStructureImpl { public class TunnelId extends DataStructureImpl {
private long _tunnelId; private long _tunnelId;
public static final long MAX_ID_VALUE = (1L << 32) - 2L; public static final long MAX_ID_VALUE = 0xffffffffL;
public TunnelId() { public TunnelId() {
_tunnelId = -1; _tunnelId = -1;

6
router/java/src/net/i2p/router/tunnel/TunnelDispatcher.java
View File

@ -396,7 +396,7 @@ public class TunnelDispatcher implements Service {
long rv; long rv;
TunnelId tid; TunnelId tid;
do { do {
rv = 1 + _context.random().nextLong(TunnelId.MAX_ID_VALUE - 1); rv = 1 + _context.random().nextLong(TunnelId.MAX_ID_VALUE);
tid = new TunnelId(rv); tid = new TunnelId(rv);
} while (_outboundGateways.containsKey(tid)); } while (_outboundGateways.containsKey(tid));
return rv; return rv;
@ -413,7 +413,7 @@ public class TunnelDispatcher implements Service {
long rv; long rv;
TunnelId tid; TunnelId tid;
do { do {
rv = 1 + _context.random().nextLong(TunnelId.MAX_ID_VALUE - 1); rv = 1 + _context.random().nextLong(TunnelId.MAX_ID_VALUE);
tid = new TunnelId(rv); tid = new TunnelId(rv);
} while (_participants.containsKey(tid)); } while (_participants.containsKey(tid));
return rv; return rv;
@ -430,7 +430,7 @@ public class TunnelDispatcher implements Service {
long rv; long rv;
TunnelId tid; TunnelId tid;
do { do {
rv = 1 + _context.random().nextLong(TunnelId.MAX_ID_VALUE - 1); rv = 1 + _context.random().nextLong(TunnelId.MAX_ID_VALUE);
tid = new TunnelId(rv); tid = new TunnelId(rv);
} while (_inboundGateways.containsKey(tid)); } while (_inboundGateways.containsKey(tid));
return rv; return rv;

10
router/java/src/net/i2p/router/tunnel/pool/BuildHandler.java
View File

@ -668,6 +668,16 @@ class BuildHandler implements Runnable {
return; return;
} }
if (ourId <= 0 || ourId > TunnelId.MAX_ID_VALUE ||
nextId <= 0 || nextId > TunnelId.MAX_ID_VALUE) {
_context.statManager().addRateData("tunnel.rejectHostile", 1);
if (_log.shouldWarn())
_log.warn("Dropping build request, bad tunnel ID: " + req);
if (from != null)
_context.commSystem().mayDisconnect(from);
return;
}
// Loop checks // Loop checks
if ((!isOutEnd) && _context.routerHash().equals(nextPeer)) { if ((!isOutEnd) && _context.routerHash().equals(nextPeer)) {
_context.statManager().addRateData("tunnel.rejectHostile", 1); _context.statManager().addRateData("tunnel.rejectHostile", 1);

2
router/java/src/net/i2p/router/tunnel/pool/BuildRequestor.java
View File

@ -95,7 +95,7 @@ abstract class BuildRequestor {
else if (isIB && i == len - 1) else if (isIB && i == len - 1)
id = ctx.tunnelDispatcher().getNewIBEPID(); id = ctx.tunnelDispatcher().getNewIBEPID();
else else
id = 1 + ctx.random().nextLong(TunnelId.MAX_ID_VALUE - 1); id = 1 + ctx.random().nextLong(TunnelId.MAX_ID_VALUE);
cfg.getConfig(i).setReceiveTunnelId(DataHelper.toLong(4, id)); cfg.getConfig(i).setReceiveTunnelId(DataHelper.toLong(4, id));
} }

2
router/java/test/junit/net/i2p/router/tunnel/FragmentTest.java
View File

@ -161,7 +161,7 @@ public class FragmentTest {
_context.random().nextBytes(toRouter.getData()); _context.random().nextBytes(toRouter.getData());
} }
if (includeTunnel) if (includeTunnel)
toTunnel = new TunnelId(_context.random().nextLong(TunnelId.MAX_ID_VALUE)); toTunnel = new TunnelId(1 + _context.random().nextLong(TunnelId.MAX_ID_VALUE));
return new PendingGatewayMessage(m, toRouter, toTunnel); return new PendingGatewayMessage(m, toRouter, toTunnel);
} }