From d4e42230bdce38941abad85ba2aaa184f31e2f5f Mon Sep 17 00:00:00 2001 From: irungentoo Date: Sat, 28 Sep 2013 19:03:29 -0400 Subject: [PATCH] Potential DoS fixed. --- toxcore/net_crypto.c | 8 ++++++++ toxcore/net_crypto.h | 2 ++ 2 files changed, 10 insertions(+) diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index 8f3a6be1..b82a1e6d 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c @@ -474,6 +474,7 @@ int crypto_connect(Net_Crypto *c, uint8_t *public_key, IP_Port ip_port) random_nonce(c->crypto_connections[i].recv_nonce); memcpy(c->crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES); crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key); + c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT; if (c->crypto_connections_length == i) ++c->crypto_connections_length; @@ -593,6 +594,7 @@ int accept_crypto_inbound(Net_Crypto *c, int connection_id, uint8_t *public_key, if (c->crypto_connections[i].status == CONN_NO_CONNECTION) { c->crypto_connections[i].number = connection_id; c->crypto_connections[i].status = CONN_NOT_CONFIRMED; + c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT; random_nonce(c->crypto_connections[i].recv_nonce); memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); memcpy(c->crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); @@ -666,6 +668,7 @@ void load_keys(Net_Crypto *c, uint8_t *keys) static void receive_crypto(Net_Crypto *c) { uint32_t i; + uint64_t temp_time = unix_time(); for (i = 0; i < c->crypto_connections_length; ++i) { if (c->crypto_connections[i].status == CONN_HANDSHAKE_SENT) { @@ -715,6 +718,7 @@ static void receive_crypto(Net_Crypto *c) c->crypto_connections[i].sessionsecret_key, c->crypto_connections[i].shared_key); c->crypto_connections[i].status = CONN_ESTABLISHED; + c->crypto_connections[i].timeout = ~0; } else { /* This should not happen, timeout the connection if it does. */ c->crypto_connections[i].status = CONN_TIMED_OUT; @@ -724,6 +728,10 @@ static void receive_crypto(Net_Crypto *c) c->crypto_connections[i].status = CONN_TIMED_OUT; } } + + if (temp_time > c->crypto_connections[i].timeout) { + c->crypto_connections[i].status = CONN_TIMED_OUT; + } } } diff --git a/toxcore/net_crypto.h b/toxcore/net_crypto.h index f8eeb424..5d21e4b6 100644 --- a/toxcore/net_crypto.h +++ b/toxcore/net_crypto.h @@ -28,6 +28,7 @@ #define CRYPTO_PACKET_FRIEND_REQ 32 /* Friend request crypto packet ID. */ #define CRYPTO_PACKET_NAT_PING 254 /* NAT ping crypto packet ID. */ +#define CRYPTO_HANDSHAKE_TIMEOUT CONNEXION_TIMEOUT typedef struct { uint8_t public_key[crypto_box_PUBLICKEYBYTES]; /* The real public key of the peer. */ @@ -42,6 +43,7 @@ typedef struct { * 4 if the connection is timed out. */ uint16_t number; /* Lossless_UDP connection number corresponding to this connection. */ + uint64_t timeout; } Crypto_Connection;