diff options
| -rw-r--r-- | contrib/epee/include/net/levin_protocol_handler_async.h | 17 | ||||
| -rw-r--r-- | contrib/epee/include/storages/portable_storage_from_bin.h | 9 | ||||
| -rw-r--r-- | src/cryptonote_basic/connection_context.h | 23 | ||||
| -rw-r--r-- | src/cryptonote_core/blockchain.cpp | 2 | ||||
| -rw-r--r-- | src/cryptonote_protocol/cryptonote_protocol_handler.h | 1 | ||||
| -rw-r--r-- | src/cryptonote_protocol/cryptonote_protocol_handler.inl | 28 | ||||
| -rw-r--r-- | src/p2p/net_node.inl | 16 | ||||
| -rw-r--r-- | tests/fuzz/levin.cpp | 1 | ||||
| -rw-r--r-- | tests/net_load_tests/net_load_tests.h | 1 | ||||
| -rw-r--r-- | tests/unit_tests/epee_levin_protocol_handler_async.cpp | 1 |
10 files changed, 84 insertions, 15 deletions
diff --git a/contrib/epee/include/net/levin_protocol_handler_async.h b/contrib/epee/include/net/levin_protocol_handler_async.h index 9e10747c2..ddde701ee 100644 --- a/contrib/epee/include/net/levin_protocol_handler_async.h +++ b/contrib/epee/include/net/levin_protocol_handler_async.h @@ -434,7 +434,7 @@ public: //async call scenario boost::shared_ptr<invoke_response_handler_base> response_handler = m_invoke_response_handlers.front(); response_handler->reset_timer(); - MDEBUG(m_connection_context << "LEVIN_PACKET partial msg received. len=" << cb); + MDEBUG(m_connection_context << "LEVIN_PACKET partial msg received. len=" << cb << ", current total " << m_cache_in_buffer.size() << "/" << m_current_head.m_cb << " (" << (100.0f * m_cache_in_buffer.size() / (m_current_head.m_cb ? m_current_head.m_cb : 1)) << "%)"); } } break; @@ -469,6 +469,14 @@ public: temp = std::move(m_fragment_buffer); m_fragment_buffer.clear(); std::memcpy(std::addressof(m_current_head), std::addressof(temp[0]), sizeof(bucket_head2)); + const size_t max_bytes = m_connection_context.get_max_bytes(m_current_head.m_command); + if(m_current_head.m_cb > std::min<size_t>(max_packet_size, max_bytes)) + { + MERROR(m_connection_context << "Maximum packet size exceed!, m_max_packet_size = " << std::min<size_t>(max_packet_size, max_bytes) + << ", packet header received " << m_current_head.m_cb << ", command " << m_current_head.m_command + << ", connection will be closed."); + return false; + } buff_to_invoke = {reinterpret_cast<const uint8_t*>(temp.data()) + sizeof(bucket_head2), temp.size() - sizeof(bucket_head2)}; } @@ -584,10 +592,11 @@ public: m_cache_in_buffer.erase(sizeof(bucket_head2)); m_state = stream_state_body; m_oponent_protocol_ver = m_current_head.m_protocol_version; - if(m_current_head.m_cb > max_packet_size) + const size_t max_bytes = m_connection_context.get_max_bytes(m_current_head.m_command); + if(m_current_head.m_cb > std::min<size_t>(max_packet_size, max_bytes)) { - LOG_ERROR_CC(m_connection_context, "Maximum packet size exceed!, m_max_packet_size = " << max_packet_size - << ", packet header received " << m_current_head.m_cb + LOG_ERROR_CC(m_connection_context, "Maximum packet size exceed!, m_max_packet_size = " << std::min<size_t>(max_packet_size, max_bytes) + << ", packet header received " << m_current_head.m_cb << ", command " << m_current_head.m_command << ", connection will be closed."); return false; } diff --git a/contrib/epee/include/storages/portable_storage_from_bin.h b/contrib/epee/include/storages/portable_storage_from_bin.h index 631ad307b..dfd815f97 100644 --- a/contrib/epee/include/storages/portable_storage_from_bin.h +++ b/contrib/epee/include/storages/portable_storage_from_bin.h @@ -38,6 +38,7 @@ #define EPEE_PORTABLE_STORAGE_RECURSION_LIMIT_INTERNAL 100 #endif #define EPEE_PORTABLE_STORAGE_OBJECT_LIMIT_INTERNAL 65536 +#define EPEE_PORTABLE_STORAGE_OBJECT_FIELD_LIMIT_INTERNAL 262144 namespace epee { @@ -104,6 +105,7 @@ namespace epee size_t m_count; size_t m_recursion_count; size_t m_objects; + size_t m_fields; }; inline throwable_buffer_reader::throwable_buffer_reader(const void* ptr, size_t sz) @@ -116,6 +118,7 @@ namespace epee m_count = sz; m_recursion_count = 0; m_objects = 0; + m_fields = 0; } inline void throwable_buffer_reader::read(void* target, size_t count) @@ -243,6 +246,8 @@ namespace epee inline storage_entry throwable_buffer_reader::read_se<section>() { RECURSION_LIMITATION(); + CHECK_AND_ASSERT_THROW_MES(m_objects < EPEE_PORTABLE_STORAGE_OBJECT_LIMIT_INTERNAL, "Too many objects"); + ++m_objects; section s;//use extra variable due to vs bug, line "storage_entry se(section()); " can't be compiled in visual studio storage_entry se(std::move(s)); section& section_entry = boost::get<section>(se); @@ -294,8 +299,8 @@ namespace epee RECURSION_LIMITATION(); sec.m_entries.clear(); size_t count = read_varint(); - CHECK_AND_ASSERT_THROW_MES(count <= EPEE_PORTABLE_STORAGE_OBJECT_LIMIT_INTERNAL - m_objects, "Too many objects"); - m_objects += count; + CHECK_AND_ASSERT_THROW_MES(count <= EPEE_PORTABLE_STORAGE_OBJECT_FIELD_LIMIT_INTERNAL - m_fields, "Too many object fields"); + m_fields += count; while(count--) { //read section name string diff --git a/src/cryptonote_basic/connection_context.h b/src/cryptonote_basic/connection_context.h index e5c00d4f3..8cd896a36 100644 --- a/src/cryptonote_basic/connection_context.h +++ b/src/cryptonote_basic/connection_context.h @@ -31,6 +31,7 @@ #pragma once #include <unordered_set> #include <atomic> +#include <algorithm> #include <boost/date_time/posix_time/posix_time.hpp> #include "net/net_utils_base.h" #include "copyable_atomic.h" @@ -57,6 +58,27 @@ namespace cryptonote bool handshake_complete() const noexcept { return m_state != state_before_handshake; } + void set_max_bytes(int command, size_t bytes) { + const auto i = std::lower_bound(m_max_bytes.begin(), m_max_bytes.end(), std::make_pair(command, bytes), [](const std::pair<int, size_t> &e0, const std::pair<int, size_t> &e1){ + return e0.first < e1.first; + }); + if (i == m_max_bytes.end()) + m_max_bytes.push_back(std::make_pair(command, bytes)); + else if (i->first == command) + i->second = bytes; + else + m_max_bytes.insert(i, std::make_pair(command, bytes)); + } + size_t get_max_bytes(int command) const { + const auto i = std::lower_bound(m_max_bytes.begin(), m_max_bytes.end(), std::make_pair(command, 0), [](const std::pair<int, size_t> &e0, const std::pair<int, size_t> &e1){ + return e0.first < e1.first; + }); + if (i == m_max_bytes.end() || i->first != command) + return std::numeric_limits<size_t>::max(); + else + return i->second; + } + state m_state; std::vector<std::pair<crypto::hash, uint64_t>> m_needed_objects; std::unordered_set<crypto::hash> m_requested_objects; @@ -73,6 +95,7 @@ namespace cryptonote int m_expect_response; uint64_t m_expect_height; size_t m_num_requested; + std::vector<std::pair<int, size_t>> m_max_bytes; }; inline std::string get_protocol_state_string(cryptonote_connection_context::state s) diff --git a/src/cryptonote_core/blockchain.cpp b/src/cryptonote_core/blockchain.cpp index 03a9ce6d6..8ec624254 100644 --- a/src/cryptonote_core/blockchain.cpp +++ b/src/cryptonote_core/blockchain.cpp @@ -4728,6 +4728,8 @@ uint64_t Blockchain::prevalidate_block_hashes(uint64_t height, const std::vector CHECK_AND_ASSERT_MES(weights.empty() || weights.size() == hashes.size(), 0, "Unexpected weights size"); + CRITICAL_REGION_LOCAL(m_blockchain_lock); + // easy case: height >= hashes if (height >= m_blocks_hash_of_hashes.size() * HASH_OF_HASHES_STEP) return hashes.size(); diff --git a/src/cryptonote_protocol/cryptonote_protocol_handler.h b/src/cryptonote_protocol/cryptonote_protocol_handler.h index 28530f3e7..5368df7b9 100644 --- a/src/cryptonote_protocol/cryptonote_protocol_handler.h +++ b/src/cryptonote_protocol/cryptonote_protocol_handler.h @@ -110,6 +110,7 @@ namespace cryptonote std::list<connection_info> get_connections(); const block_queue &get_block_queue() const { return m_block_queue; } void stop(); + void on_connection_new(cryptonote_connection_context &context); void on_connection_close(cryptonote_connection_context &context); void set_max_out_peers(unsigned int max) { m_max_out_peers = max; } bool no_sync() const { return m_no_sync; } diff --git a/src/cryptonote_protocol/cryptonote_protocol_handler.inl b/src/cryptonote_protocol/cryptonote_protocol_handler.inl index e69e5673c..65f721d98 100644 --- a/src/cryptonote_protocol/cryptonote_protocol_handler.inl +++ b/src/cryptonote_protocol/cryptonote_protocol_handler.inl @@ -2840,12 +2840,15 @@ skip: epee::string_tools::to_string_hex(context.m_pruning_seed) << "), score " << score << ", flush_all_spans " << flush_all_spans); - if (score > 0) - m_p2p->add_host_fail(context.m_remote_address, score); - m_block_queue.flush_spans(context.m_connection_id, flush_all_spans); + // copy since dropping the connection will invalidate the context, and thus the address + const auto remote_address = context.m_remote_address; + m_p2p->drop_connection(context); + + if (score > 0) + m_p2p->add_host_fail(remote_address, score); } //------------------------------------------------------------------------------------------------------------------------ template<class t_core> @@ -2878,6 +2881,25 @@ skip: } //------------------------------------------------------------------------------------------------------------------------ template<class t_core> + void t_cryptonote_protocol_handler<t_core>::on_connection_new(cryptonote_connection_context &context) + { + context.set_max_bytes(nodetool::COMMAND_HANDSHAKE_T<cryptonote::CORE_SYNC_DATA>::ID, 65536); + context.set_max_bytes(nodetool::COMMAND_TIMED_SYNC_T<cryptonote::CORE_SYNC_DATA>::ID, 65536); + context.set_max_bytes(nodetool::COMMAND_PING::ID, 4096); + context.set_max_bytes(nodetool::COMMAND_REQUEST_SUPPORT_FLAGS::ID, 4096); + + context.set_max_bytes(cryptonote::NOTIFY_NEW_BLOCK::ID, 1024 * 1024 * 128); // 128 MB (max packet is a bit less than 100 MB though) + context.set_max_bytes(cryptonote::NOTIFY_NEW_TRANSACTIONS::ID, 1024 * 1024 * 128); // 128 MB (max packet is a bit less than 100 MB though) + context.set_max_bytes(cryptonote::NOTIFY_REQUEST_GET_OBJECTS::ID, 1024 * 1024 * 2); // 2 MB + context.set_max_bytes(cryptonote::NOTIFY_RESPONSE_GET_OBJECTS::ID, 1024 * 1024 * 128); // 128 MB (max packet is a bit less than 100 MB though) + context.set_max_bytes(cryptonote::NOTIFY_REQUEST_CHAIN::ID, 512 * 1024); // 512 kB + context.set_max_bytes(cryptonote::NOTIFY_RESPONSE_CHAIN_ENTRY::ID, 1024 * 1024 * 4); // 4 MB + context.set_max_bytes(cryptonote::NOTIFY_NEW_FLUFFY_BLOCK::ID, 1024 * 1024 * 4); // 4 MB, but it does not includes transaction data + context.set_max_bytes(cryptonote::NOTIFY_REQUEST_FLUFFY_MISSING_TX::ID, 1024 * 1024); // 1 MB + context.set_max_bytes(cryptonote::NOTIFY_GET_TXPOOL_COMPLEMENT::ID, 1024 * 1024 * 4); // 4 MB + } + //------------------------------------------------------------------------------------------------------------------------ + template<class t_core> void t_cryptonote_protocol_handler<t_core>::on_connection_close(cryptonote_connection_context &context) { uint64_t target = 0; diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl index 487e89923..2cea30288 100644 --- a/src/p2p/net_node.inl +++ b/src/p2p/net_node.inl @@ -1217,8 +1217,9 @@ namespace nodetool if(!handle_remote_peerlist(rsp.local_peerlist_new, context)) { LOG_WARNING_CC(context, "COMMAND_TIMED_SYNC: failed to handle_remote_peerlist(...), closing connection."); + const auto remote_address = context.m_remote_address; m_network_zones.at(context.m_remote_address.get_zone()).m_net_server.get_config_object().close(context.m_connection_id ); - add_host_fail(context.m_remote_address); + add_host_fail(remote_address); } if(!context.m_is_income) m_network_zones.at(context.m_remote_address.get_zone()).m_peerlist.set_peer_just_seen(context.peer_id, context.m_remote_address, context.m_pruning_seed, context.m_rpc_port, context.m_rpc_credits_per_hash); @@ -1382,7 +1383,7 @@ namespace nodetool if(just_take_peerlist) { zone.m_net_server.get_config_object().close(con->m_connection_id); - LOG_DEBUG_CC(*con, "CONNECTION HANDSHAKED OK AND CLOSED."); + MDEBUG(na.str() << "CONNECTION HANDSHAKED OK AND CLOSED."); return true; } @@ -1444,7 +1445,7 @@ namespace nodetool zone.m_net_server.get_config_object().close(con->m_connection_id); - LOG_DEBUG_CC(*con, "CONNECTION HANDSHAKED OK AND CLOSED."); + MDEBUG(na.str() << "CONNECTION HANDSHAKED OK AND CLOSED."); return true; } @@ -2472,12 +2473,14 @@ namespace nodetool template<class t_payload_net_handler> int node_server<t_payload_net_handler>::handle_handshake(int command, typename COMMAND_HANDSHAKE::request& arg, typename COMMAND_HANDSHAKE::response& rsp, p2p_connection_context& context) { + // copy since dropping the connection will invalidate the context, and thus the address + const auto remote_address = context.m_remote_address; + if(arg.node_data.network_id != m_network_id) { - LOG_INFO_CC(context, "WRONG NETWORK AGENT CONNECTED! id=" << arg.node_data.network_id); drop_connection(context); - add_host_fail(context.m_remote_address); + add_host_fail(remote_address); return 1; } @@ -2485,7 +2488,7 @@ namespace nodetool { LOG_WARNING_CC(context, "COMMAND_HANDSHAKE came not from incoming connection"); drop_connection(context); - add_host_fail(context.m_remote_address); + add_host_fail(remote_address); return 1; } @@ -2633,6 +2636,7 @@ namespace nodetool void node_server<t_payload_net_handler>::on_connection_new(p2p_connection_context& context) { MINFO("["<< epee::net_utils::print_connection_context(context) << "] NEW CONNECTION"); + m_payload_handler.on_connection_new(context); } //----------------------------------------------------------------------------------- template<class t_payload_net_handler> diff --git a/tests/fuzz/levin.cpp b/tests/fuzz/levin.cpp index 079ea7dae..78b7b6863 100644 --- a/tests/fuzz/levin.cpp +++ b/tests/fuzz/levin.cpp @@ -54,6 +54,7 @@ namespace { static constexpr int handshake_command() noexcept { return 1001; } static constexpr bool handshake_complete() noexcept { return true; } + size_t get_max_bytes(int command) const { return LEVIN_DEFAULT_MAX_PACKET_SIZE; } }; typedef epee::levin::async_protocol_handler_config<test_levin_connection_context> test_levin_protocol_handler_config; diff --git a/tests/net_load_tests/net_load_tests.h b/tests/net_load_tests/net_load_tests.h index 532017efd..baab07d31 100644 --- a/tests/net_load_tests/net_load_tests.h +++ b/tests/net_load_tests/net_load_tests.h @@ -50,6 +50,7 @@ namespace net_load_tests test_connection_context(): epee::net_utils::connection_context_base(boost::uuids::nil_uuid(), {}, false, false), m_closed(false) {} static constexpr int handshake_command() noexcept { return 1001; } static constexpr bool handshake_complete() noexcept { return true; } + size_t get_max_bytes(int command) const { return LEVIN_DEFAULT_MAX_PACKET_SIZE; } volatile bool m_closed; }; diff --git a/tests/unit_tests/epee_levin_protocol_handler_async.cpp b/tests/unit_tests/epee_levin_protocol_handler_async.cpp index 3dbb36171..a499fa608 100644 --- a/tests/unit_tests/epee_levin_protocol_handler_async.cpp +++ b/tests/unit_tests/epee_levin_protocol_handler_async.cpp @@ -45,6 +45,7 @@ namespace { static constexpr int handshake_command() noexcept { return 1001; } static constexpr bool handshake_complete() noexcept { return true; } + size_t get_max_bytes(int command) const { return LEVIN_DEFAULT_MAX_PACKET_SIZE; } }; typedef epee::levin::async_protocol_handler_config<test_levin_connection_context> test_levin_protocol_handler_config; |