nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

hs-v3: Move DoS parameter check against 0

Browse Source 
Move it outside of the validation function since 0 is a valid value but
disables defenses.

Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
David Goulet 2019-08-20 10:50:31 -04:00 committed by Nick Mathewson
parent a8a1ea4e0e
commit 385f6bcfcc
2 changed files with 43 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
src/feature/hs/hs_intropoint.c
View File

@ -191,28 +191,40 @@ validate_cell_dos_extension_parameters(uint64_t intro2_rate_per_sec,
{ {
bool ret = false; bool ret = false;
/* A value of 0 is valid in the sense that we accept it but we still disable /* Check that received value is not below the minimum. Don't check if minimum
* the defenses so return false. */ is set to 0, since the param is a positive value and gcc will complain. */
if (intro2_rate_per_sec == 0 || intro2_burst_per_sec == 0) { #if HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN > 0
log_info(LD_REND, "Intro point DoS defenses parameter set to 0."); if (intro2_rate_per_sec < HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN) {
log_fn(LOG_PROTOCOL_WARN, LD_REND,
"Intro point DoS defenses rate per second is "
"too small. Received value: %" PRIu64, intro2_rate_per_sec);
goto end;
}
#endif
/* Check that received value is not above maximum */
if (intro2_rate_per_sec > HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MAX) {
log_fn(LOG_PROTOCOL_WARN, LD_REND,
"Intro point DoS defenses rate per second is "
"too big. Received value: %" PRIu64, intro2_rate_per_sec);
goto end; goto end;
} }
/* Bound check the received rate per second. MIN/MAX are inclusive. */ /* Check that received value is not below the minimum */
if (!(intro2_rate_per_sec <= HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MAX && #if HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN > 0
intro2_rate_per_sec > HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN)) { if (intro2_burst_per_sec < HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN) {
log_info(LD_REND, "Intro point DoS defenses rate per second is " log_fn(LOG_PROTOCOL_WARN, LD_REND,
"invalid. Received value: %" PRIu64, "Intro point DoS defenses burst per second is "
intro2_rate_per_sec); "too small. Received value: %" PRIu64, intro2_burst_per_sec);
goto end; goto end;
} }
#endif
/* Bound check the received burst per second. MIN/MAX are inclusive. */ /* Check that received value is not above maximum */
if (!(intro2_burst_per_sec <= HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MAX && if (intro2_burst_per_sec > HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MAX) {
intro2_burst_per_sec > HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN)) { log_fn(LOG_PROTOCOL_WARN, LD_REND,
log_info(LD_REND, "Intro point DoS defenses burst per second is " "Intro point DoS defenses burst per second is "
"invalid. Received value: %" PRIu64, "too big. Received value: %" PRIu64, intro2_burst_per_sec);
intro2_burst_per_sec);
goto end; goto end;
} }
@ -273,6 +285,16 @@ handle_establish_intro_cell_dos_extension(
} }
} }
/* A value of 0 is valid in the sense that we accept it but we still disable
* the defenses so return false. */
if (intro2_rate_per_sec == 0 || intro2_burst_per_sec == 0) {
log_info(LD_REND, "Intro point DoS defenses parameter set to 0. "
"Disabling INTRO2 DoS defenses on circuit id %u",
circ->p_circ_id);
circ->introduce2_dos_defense_enabled = 0;
goto end;
}
/* If invalid, we disable the defense on the circuit. */ /* If invalid, we disable the defense on the circuit. */
if (!validate_cell_dos_extension_parameters(intro2_rate_per_sec, if (!validate_cell_dos_extension_parameters(intro2_rate_per_sec,
intro2_burst_per_sec)) { intro2_burst_per_sec)) {

11
src/test/test_hs_dos.c
View File

@ -143,6 +143,8 @@ test_validate_dos_extension_params(void *arg)
/* Valid custom rate/burst. */ /* Valid custom rate/burst. */
ret = validate_cell_dos_extension_parameters(17, 42); ret = validate_cell_dos_extension_parameters(17, 42);
tt_assert(ret); tt_assert(ret);
ret = cell_dos_extension_parameters_are_valid(INT32_MAX, INT32_MAX);
tt_assert(ret);
/* Invalid rate. */ /* Invalid rate. */
ret = validate_cell_dos_extension_parameters(UINT64_MAX, 42); ret = validate_cell_dos_extension_parameters(UINT64_MAX, 42);
@ -152,11 +154,9 @@ test_validate_dos_extension_params(void *arg)
ret = validate_cell_dos_extension_parameters(42, UINT64_MAX); ret = validate_cell_dos_extension_parameters(42, UINT64_MAX);
tt_assert(!ret); tt_assert(!ret);
/* Value of 0 should return invalid so defenses can be disabled. */ /* Value of 0 is valid (but should disable defenses) */
ret = validate_cell_dos_extension_parameters(0, 42); ret = cell_dos_extension_parameters_are_valid(0, 0);
tt_assert(!ret); tt_assert(ret);
ret = validate_cell_dos_extension_parameters(42, 0);
tt_assert(!ret);
/* Can't have burst smaller than rate. */ /* Can't have burst smaller than rate. */
ret = validate_cell_dos_extension_parameters(42, 40); ret = validate_cell_dos_extension_parameters(42, 40);
@ -174,4 +174,3 @@ struct testcase_t hs_dos_tests[] = {
END_OF_TESTCASES END_OF_TESTCASES
}; };