author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2019-04-11 21:57:51 +0000 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2019-04-11 21:59:27 +0000 |
commit | 5858598604c511ff57a434196d27acf2f49cf23f (patch) | |
tree | 413bc4617ed03a2e86610cfeeda004dfabd2b783 | |
parent | Merge pull request #5386 (diff) | |
download | monero-5858598604c511ff57a434196d27acf2f49cf23f.tar.xz |
p2p: fix integer overflow in host bans
-rw-r--r-- | src/p2p/net_node.inl | 9 | ||||
-rw-r--r-- | tests/unit_tests/ban.cpp | 29 |
2 files changed, 25 insertions, 13 deletions
diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl index f0aef384f..0c89c8f4b 100644 --- a/src/p2p/net_node.inl +++ b/src/p2p/net_node.inl @@ -176,8 +176,15 @@ namespace nodetool if(!addr.is_blockable()) return false; + const time_t now = time(nullptr); + CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); - m_blocked_hosts[addr.host_str()] = time(nullptr) + seconds; + time_t limit; + if (now > std::numeric_limits<time_t>::max() - seconds) + limit = std::numeric_limits<time_t>::max(); + else + limit = now + seconds; + m_blocked_hosts[addr.host_str()] = limit; // drop any connection to that address. This should only have to look into // the zone related to the connection, but really make sure everything is diff --git a/tests/unit_tests/ban.cpp b/tests/unit_tests/ban.cpp index eb1ee8932..c8ce19ba4 100644 --- a/tests/unit_tests/ban.cpp +++ b/tests/unit_tests/ban.cpp @@ -93,18 +93,7 @@ typedef nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<test_cor static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL) { - const std::string host = address.host_str(); - std::map<std::string, time_t> hosts = server.get_blocked_hosts(); - for (auto rec: hosts) - { - if (rec.first == host) - { - if (t) - *t = rec.second; - return true; - } - } - return false; + return server.is_host_blocked(address.host_str(), t); } TEST(ban, add) 
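Review bot: The new guard `now > std::numeric_limits<time_t>::max() - seconds` in the `net_node.inl` hunk is only safe for a non-negative `seconds`; with a negative value the subtraction itself overflows, which is the class of bug this commit removes. The parameter's declaration is not visible here, but the new unit test passes a `time_t` for it, so it is presumably signed. A leading `if (seconds < 0) return false;` before the comparison would close that case, matching the existing `return false` rejection for non-blockable addresses. The saturated branch makes the ban effectively permanent, which deserves a comment such as `// saturate: a ban longer than time_t can represent never expires`. The enclosing function starts and ends outside the hunk.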
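Review bot: The `is_blocked` test helper in `ban.cpp` leaves the meaning of its `t` out-parameter undocumented now that it forwards to `server.is_host_blocked(address.host_str(), t)` instead of copying the raw map value as the removed loop did. `is_host_blocked` is not shown on this page, so if it reports remaining time rather than an absolute expiry, existing assertions such as `ASSERT_TRUE(t >= 4)` change meaning. A one-line comment above the helper would make the contract explicit, for example `// *t is filled in by is_host_blocked(); its unit follows that function's contract`.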
@@ -192,5 +181,21 @@ TEST(ban, add) ASSERT_TRUE(t >= 4); } +TEST(ban, limit) +{ + test_core pr_core; + cryptonote::t_cryptonote_protocol_handler<test_core> cprotocol(pr_core, NULL); + Server server(cprotocol); + cprotocol.set_p2p_endpoint(&server); + + // starts empty + ASSERT_TRUE(server.get_blocked_hosts().empty()); + ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), std::numeric_limits<time_t>::max() - 1)); + ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1)); + ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); +} + namespace nodetool { template class node_server<cryptonote::t_cryptonote_protocol_handler<test_core>>; } namespace cryptonote { template class t_cryptonote_protocol_handler<test_core>; } |
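Review bot: `TEST(ban, limit)` asserts only that the host is reported as blocked after the near-maximum ban, so it never checks the saturated expiry that the fix is meant to produce. Because the old overflow was undefined behaviour, an unpatched build could in principle still pass if the wrapped value happened to look like a live ban. Reading the value back through the helper's out-parameter would tighten the test, e.g. `time_t t = 0; ASSERT_TRUE(is_blocked(server, MAKE_IPV4_ADDRESS(1,2,3,4), &t)); ASSERT_TRUE(t > 0);`. A case that passes a negative duration to `block_host` is also missing.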