Ignore timestamps of INTRODUCE2 cells

2024-11-10 21:23:58 +01:00 · 2011-10-30 02:13:46 -07:00 · 2011-10-30 02:13:46 -07:00 · 272dd90b5c
commit 272dd90b5c
parent 1a52a947c5
3 changed files with 15 additions and 14 deletions
--- a/changes/bug3460
+++ b/changes/bug3460
@ -0,0 +1,11 @@
+  o Major bugfixes:
+
+    - Ignore the timestamps of INTRODUCE2 cells received by a hidden
+      service.  Previously, hidden services would check that the
+      timestamp was within 30 minutes of their system clock, so that
+      services could keep only INTRODUCE2 cells they had received in
+      the last hour in their replay-detection cache.  Bugfix on
+      0.2.1.6-alpha, when the v3 intro-point protocol (the first one
+      which sent a timestamp field in the INTRODUCE2 cell) was
+      introduced; fixes bug 3460.
+
--- a/src/or/or.h
+++ b/src/or/or.h
@ -756,9 +756,9 @@ typedef struct rend_data_t {
  char rend_cookie[REND_COOKIE_LEN];
 } rend_data_t;

-/** Time interval for tracking possible replays of INTRODUCE2 cells.
- * Incoming cells with timestamps half of this interval in the past or
- * future are dropped immediately. */
+/** Time interval for tracking replays of DH public keys received in
+ * INTRODUCE2 cells.  Used only to avoid launching multiple
+ * simultaneous attempts to connect to the same rendezvous point. */
 #define REND_REPLAY_TIME_INTERVAL (60 * 60)

 /** Used to indicate which way a cell is going on a circuit. */
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@ -1037,7 +1037,6 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
  len = r;
  if (*buf == 3) {
    /* Version 3 INTRODUCE2 cell. */
-    time_t ts = 0;
    v3_shift = 1;
    auth_type = buf[1];
    switch (auth_type) {
@ -1059,17 +1058,8 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
        log_info(LD_REND, "Unknown authorization type '%d'", auth_type);
    }

-    /* Check timestamp. */
-    ts = ntohl(get_uint32(buf+1+v3_shift));
+    /* Skip the timestamp field.  We no longer use it. */
    v3_shift += 4;
-    if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
-        (now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
-      /* This is far more likely to mean that a client's clock is
-       * skewed than that a replay attack is in progress. */
-      log_info(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
-               (now - ts) < 0 ? "old" : "new");
-      return -1;
-    }
  }
  if (*buf == 2 || *buf == 3) {
    /* Version 2 INTRODUCE2 cell. */