aboutsummaryrefslogtreecommitdiff
path: root/src/simplewallet/simplewallet.h
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-10-15 10:30:50 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-11-02 11:41:41 +0000
commit38f6910481f9bb61c4d6bf8409fddd6426384a58 (patch)
tree5e85980ffba4412b5ade7641995cc14fb204a7b7 /src/simplewallet/simplewallet.h
parentepee: allow a random component in once_a_time timeouts (diff)
downloadmonero-38f6910481f9bb61c4d6bf8409fddd6426384a58.tar.xz
simplewallet: plug a timing leak
As reported by Tramèr et al, timing of refresh requests can be used to see whether a password was requested (and thus at least one output received) since this will induce a delay in subsequent calls. To avoid this, we schedule calls at a given time instead of sleeping for a set time (which would make delays additive). To further avoid a scheduled call being during the time in which a password is prompted, the actual scheduled time is now randomized.
Diffstat (limited to '')
-rw-r--r--src/simplewallet/simplewallet.h8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/simplewallet/simplewallet.h b/src/simplewallet/simplewallet.h
index e8f96ad54..75bd893d5 100644
--- a/src/simplewallet/simplewallet.h
+++ b/src/simplewallet/simplewallet.h
@@ -448,10 +448,12 @@ namespace cryptonote
std::atomic<bool> m_locked;
std::atomic<bool> m_in_command;
+ template<uint64_t mini, uint64_t maxi> struct get_random_interval { public: uint64_t operator()() const { return crypto::rand_range(mini, maxi); } };
+
epee::math_helper::once_a_time_seconds<1> m_inactivity_checker;
- epee::math_helper::once_a_time_seconds<90> m_refresh_checker;
- epee::math_helper::once_a_time_seconds<90> m_mms_checker;
- epee::math_helper::once_a_time_seconds<90> m_rpc_payment_checker;
+ epee::math_helper::once_a_time_seconds_range<get_random_interval<80 * 1000000, 100 * 1000000>> m_refresh_checker;
+ epee::math_helper::once_a_time_seconds_range<get_random_interval<90 * 1000000, 110 * 1000000>> m_mms_checker;
+ epee::math_helper::once_a_time_seconds_range<get_random_interval<90 * 1000000, 115 * 1000000>> m_rpc_payment_checker;
std::atomic<bool> m_need_payment;
boost::posix_time::ptime m_last_rpc_payment_mining_time;