mirror of
https://codeberg.org/anoncontributorxmr/monero.git
synced 2024-11-30 03:03:17 +00:00
p2p: fix integer overflow in host bans
This commit is contained in:
parent
9c77dbf376
commit
5858598604
2 changed files with 25 additions and 13 deletions
|
@ -176,8 +176,15 @@ namespace nodetool
|
|||
if(!addr.is_blockable())
|
||||
return false;
|
||||
|
||||
const time_t now = time(nullptr);
|
||||
|
||||
CRITICAL_REGION_LOCAL(m_blocked_hosts_lock);
|
||||
m_blocked_hosts[addr.host_str()] = time(nullptr) + seconds;
|
||||
time_t limit;
|
||||
if (now > std::numeric_limits<time_t>::max() - seconds)
|
||||
limit = std::numeric_limits<time_t>::max();
|
||||
else
|
||||
limit = now + seconds;
|
||||
m_blocked_hosts[addr.host_str()] = limit;
|
||||
|
||||
// drop any connection to that address. This should only have to look into
|
||||
// the zone related to the connection, but really make sure everything is
|
||||
|
|
|
@ -93,18 +93,7 @@ typedef nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<test_cor
|
|||
|
||||
static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL)
|
||||
{
|
||||
const std::string host = address.host_str();
|
||||
std::map<std::string, time_t> hosts = server.get_blocked_hosts();
|
||||
for (auto rec: hosts)
|
||||
{
|
||||
if (rec.first == host)
|
||||
{
|
||||
if (t)
|
||||
*t = rec.second;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
return server.is_host_blocked(address.host_str(), t);
|
||||
}
|
||||
|
||||
TEST(ban, add)
|
||||
|
@ -192,5 +181,21 @@ TEST(ban, add)
|
|||
ASSERT_TRUE(t >= 4);
|
||||
}
|
||||
|
||||
TEST(ban, limit)
|
||||
{
|
||||
test_core pr_core;
|
||||
cryptonote::t_cryptonote_protocol_handler<test_core> cprotocol(pr_core, NULL);
|
||||
Server server(cprotocol);
|
||||
cprotocol.set_p2p_endpoint(&server);
|
||||
|
||||
// starts empty
|
||||
ASSERT_TRUE(server.get_blocked_hosts().empty());
|
||||
ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
|
||||
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), std::numeric_limits<time_t>::max() - 1));
|
||||
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
|
||||
ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1));
|
||||
ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4)));
|
||||
}
|
||||
|
||||
namespace nodetool { template class node_server<cryptonote::t_cryptonote_protocol_handler<test_core>>; }
|
||||
namespace cryptonote { template class t_cryptonote_protocol_handler<test_core>; }
|
||||
|
|
Loading…
Reference in a new issue