Potential DoS fixed.

irungentoo 2013-09-28 19:03:29 -04:00
parent 8adb34e6a9
commit d4e42230bd
2 changed files with 10 additions and 0 deletions


@ -474,6 +474,7 @@ int crypto_connect(Net_Crypto *c, uint8_t *public_key, IP_Port ip_port)
random_nonce(c->crypto_connections[i].recv_nonce);
memcpy(c->crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES);
crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key);
c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT;
if (c->crypto_connections_length == i)
++c->crypto_connections_length;
@ -593,6 +594,7 @@ int accept_crypto_inbound(Net_Crypto *c, int connection_id, uint8_t *public_key,
if (c->crypto_connections[i].status == CONN_NO_CONNECTION) {
c->crypto_connections[i].number = connection_id;
c->crypto_connections[i].status = CONN_NOT_CONFIRMED;
c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT;
random_nonce(c->crypto_connections[i].recv_nonce);
memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES);
memcpy(c->crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES);
@ -666,6 +668,7 @@ void load_keys(Net_Crypto *c, uint8_t *keys)
static void receive_crypto(Net_Crypto *c)
{
uint32_t i;
uint64_t temp_time = unix_time();
for (i = 0; i < c->crypto_connections_length; ++i) {
if (c->crypto_connections[i].status == CONN_HANDSHAKE_SENT) {
@ -715,6 +718,7 @@ static void receive_crypto(Net_Crypto *c)
c->crypto_connections[i].sessionsecret_key,
c->crypto_connections[i].shared_key);
c->crypto_connections[i].status = CONN_ESTABLISHED;
c->crypto_connections[i].timeout = ~0;
} else {
/* This should not happen, timeout the connection if it does. */
c->crypto_connections[i].status = CONN_TIMED_OUT;
@ -724,6 +728,10 @@ static void receive_crypto(Net_Crypto *c)
c->crypto_connections[i].status = CONN_TIMED_OUT;
}
}
if (temp_time > c->crypto_connections[i].timeout) {
c->crypto_connections[i].status = CONN_TIMED_OUT;
}
}
}
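Review bot: The timeout check added at the end of the loop in receive_crypto runs for every slot below crypto_connections_length whatever its status, so a slot in CONN_NO_CONNECTION whose timeout field is zero or stale would be flipped to CONN_TIMED_OUT. accept_crypto_inbound in this same diff selects free slots with `status == CONN_NO_CONNECTION`, so if released slots are not reset elsewhere (not visible here) they could stop being reusable and the table would fill up, which is the exhaustion this commit is meant to prevent. Restricting the check to the handshake states would avoid that: `if ((c->crypto_connections[i].status == CONN_HANDSHAKE_SENT || c->crypto_connections[i].status == CONN_NOT_CONFIRMED) && temp_time > c->crypto_connections[i].timeout)`. The `timeout = ~0` sentinel would also read more clearly as `UINT64_MAX`, since it currently relies on the int value -1 converting to all ones. Parts of receive_crypto between the hunks are not shown.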


@ -28,6 +28,7 @@
#define CRYPTO_PACKET_FRIEND_REQ 32 /* Friend request crypto packet ID. */
#define CRYPTO_PACKET_NAT_PING 254 /* NAT ping crypto packet ID. */
#define CRYPTO_HANDSHAKE_TIMEOUT CONNEXION_TIMEOUT
typedef struct {
uint8_t public_key[crypto_box_PUBLICKEYBYTES]; /* The real public key of the peer. */
@ -42,6 +43,7 @@ typedef struct {
* 4 if the connection is timed out.
*/
uint16_t number; /* Lossless_UDP connection number corresponding to this connection. */
uint64_t timeout;
} Crypto_Connection;
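Review bot: The new `timeout` field in Crypto_Connection has no comment although the neighbouring fields do, and nothing records that it is compared against unix_time() or that `~0` is used as the "never expires" value once the connection is established. I would add `uint64_t timeout; /* unix_time() deadline for completing the handshake; ~0 once the connection is established. */`. CRYPTO_HANDSHAKE_TIMEOUT likewise lacks the trailing comment its neighbours carry; a short one stating the unit would help, since CONNEXION_TIMEOUT is defined outside this diff.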