Alert system DoS prevention
This fixes two alert system vulnerabilities found by Sergio Lerner; you could send peers unlimited numbers of invalid alert message to try to either fill up their debug.log with messages and/or keep their CPU busy checking signatures. Fixed by disconnecting/banning peers if they send 10 or more bad (invalid/expired/cancelled) alerts.
This commit is contained in:
Gavin Andresen
parent
772351b0d5
commit
d5a52d9b3e
2 changed files with 20 additions and 7 deletions
25
src/main.cpp
25
src/main.cpp
|
|
@ -2997,14 +2997,27 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv)
|
|||
CAlert alert;
|
||||
vRecv >> alert;
|
||||
|
||||
if (alert.ProcessAlert())
|
||||
uint256 alertHash = alert.GetHash();
|
||||
if (pfrom->setKnown.count(alertHash) == 0)
|
||||
{
|
||||
// Relay
|
||||
pfrom->setKnown.insert(alert.GetHash());
|
||||
if (alert.ProcessAlert())
|
||||
{
|
||||
LOCK(cs_vNodes);
|
||||
BOOST_FOREACH(CNode* pnode, vNodes)
|
||||
alert.RelayTo(pnode);
|
||||
// Relay
|
||||
pfrom->setKnown.insert(alertHash);
|
||||
{
|
||||
LOCK(cs_vNodes);
|
||||
BOOST_FOREACH(CNode* pnode, vNodes)
|
||||
alert.RelayTo(pnode);
|
||||
}
|
||||
}
|
||||
else {
|
||||
// Small DoS penalty so peers that send us lots of
|
||||
// duplicate/expired/invalid-signature/whatever alerts
|
||||
// eventually get banned.
|
||||
// This isn't a Misbehaving(100) (immediate ban) because the
|
||||
// peer might be an older or different implementation with
|
||||
// a different signature key, etc.
|
||||
pfrom->Misbehaving(10);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1535,7 +1535,7 @@ public:
|
|||
|
||||
uint256 GetHash() const
|
||||
{
|
||||
return SerializeHash(*this);
|
||||
return Hash(this->vchMsg.begin(), this->vchMsg.end());
|
||||
}
|
||||
|
||||
bool IsInEffect() const
|
||||
|
|
|
|||
Loading…
Reference in a new issue