Max HS descriptor size is now 50kb and also consensus param.

2024-11-10 21:23:58 +01:00 · 2016-12-23 14:48:05 +02:00 · 2016-12-23 14:48:05 +02:00 · e1d7661412
commit e1d7661412
parent 7456677a50
4 changed files with 19 additions and 2 deletions
--- a/src/or/hs_cache.c
+++ b/src/or/hs_cache.c
@ -15,6 +15,7 @@
 #include "config.h"
 #include "hs_common.h"
 #include "hs_descriptor.h"
+#include "networkstatus.h"
 #include "rendcache.h"

 /* Directory descriptor cache. Map indexed by blinded key. */
@ -366,6 +367,18 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes)
  return bytes_removed;
 }

+/**
+ * Return the maximum size of an HS descriptor we are willing to accept as an
+ * HSDir.
+ */
+unsigned int
+hs_cache_get_max_descriptor_size(void)
+{
+  return (unsigned) networkstatus_get_param(NULL,
+                                            "HSV3MaxDescriptorSize",
+                                            HS_DESC_MAX_LEN, 1, INT32_MAX);
+}
+
 /* Initialize the hidden service cache subsystem. */
 void
 hs_cache_init(void)
--- a/src/or/hs_cache.h
+++ b/src/or/hs_cache.h
@ -44,6 +44,8 @@ void hs_cache_free_all(void);
 void hs_cache_clean_as_dir(time_t now);
 size_t hs_cache_handle_oom(time_t now, size_t min_remove_bytes);

+unsigned int hs_cache_get_max_descriptor_size(void);
+
 /* Store and Lookup function. They are version agnostic that is depending on
 * the requested version of the descriptor, it will be re-routed to the
 * right function. */
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@ -15,6 +15,7 @@
 #include "ed25519_cert.h" /* Trunnel interface. */
 #include "parsecommon.h"
 #include "rendcache.h"
+#include "hs_cache.h"
 #include "torcert.h" /* tor_cert_encode_ed22519() */

 /* Constant string value used for the descriptor format. */
@ -1700,8 +1701,9 @@ hs_desc_decode_plaintext(const char *encoded,
  tor_assert(encoded);
  tor_assert(plaintext);

+  /* Check that descriptor is within size limits. */
  encoded_len = strlen(encoded);
-  if (encoded_len >= HS_DESC_MAX_LEN) {
+  if (encoded_len >= hs_cache_get_max_descriptor_size()) {
    log_warn(LD_REND, "Service descriptor is too big (%lu bytes)",
             (unsigned long) encoded_len);
    goto err;
--- a/src/or/hs_descriptor.h
+++ b/src/or/hs_descriptor.h
@ -54,7 +54,7 @@
  HS_DESC_ENCRYPTED_SALT_LEN + \
  HS_DESC_PLAINTEXT_PADDING_MULTIPLE + DIGEST256_LEN
 /* Maximum length in bytes of a full hidden service descriptor. */
-#define HS_DESC_MAX_LEN 32768 // XXX justify
+#define HS_DESC_MAX_LEN 50000 /* 50kb max size */
 /* The minimum amount of fields a descriptor should contain. The parsing of
 * the fields are version specific so the only required field, as a generic
 * view of a descriptor, is 1 that is the version field. */