Commit Graph

8344 Commits

Author SHA1 Message Date
Howard Chu
a182df21d0
Bans for RPC connections
Make bans control RPC sessions too. And auto-ban some bad requests.
Drops HTTP connections whenever response code is 500.
2019-06-16 11:38:08 +01:00
Riccardo Spagni
6335509727
Merge pull request #5641
633f1542 prep for 0.14.1 release (Riccardo Spagni)
2019-06-14 16:20:02 +02:00
Riccardo Spagni
1d5e8f461d
Merge pull request #5639
2eef90d6 rpc: restrict the recent cutoff size in restricted RPC mode (moneromooo-monero)
0564da5f ensure no NULL is passed to memcpy (moneromooo-monero)
bc09766b abstract_tcp_server2: improve DoS resistance (moneromooo-monero)
1387549e serialization: check stream good flag at the end (moneromooo-monero)
a00cabd4 tree-hash: allocate variable memory on heap, not stack (moneromooo-monero)
f2152192 cryptonote: throw on tx hash calculation error (moneromooo-monero)
db2b9fba serialization: fail on read_varint error (moneromooo-monero)
68ad5481 cryptonote_protocol: fix another potential P2P DoS (moneromooo-monero)
1cc61018 cryptonote_protocol: expand basic DoS protection (moneromooo-monero)
8f66b705 cryptonote_protocol_handler: prevent potential DoS (anonimal)
39169ace epee: basic sanity check on allocation size from untrusted source (moneromooo-monero)
2019-06-14 16:19:45 +02:00
Riccardo Spagni
633f1542e2
prep for 0.14.1 release 2019-06-14 16:16:52 +02:00
moneromooo-monero
2eef90d6ef
rpc: restrict the recent cutoff size in restricted RPC mode 2019-06-14 08:47:33 +00:00
moneromooo-monero
0564da5fdc
ensure no NULL is passed to memcpy
NULL is valid when size is 0, but memcpy uses nonnull attributes,
so let's not poke the bear
2019-06-14 08:47:29 +00:00
moneromooo-monero
bc09766bf9
abstract_tcp_server2: improve DoS resistance 2019-06-14 08:47:26 +00:00
moneromooo-monero
1387549e90
serialization: check stream good flag at the end
just in case
2019-06-14 08:47:23 +00:00
moneromooo-monero
a00cabd4f3
tree-hash: allocate variable memory on heap, not stack
Large amounts might run out of stack

Reported by guidov
2019-06-14 08:47:20 +00:00
moneromooo-monero
f215219252
cryptonote: throw on tx hash calculation error 2019-06-14 08:47:17 +00:00
moneromooo-monero
db2b9fba65
serialization: fail on read_varint error 2019-06-14 08:47:14 +00:00
moneromooo-monero
68ad548193
cryptonote_protocol: fix another potential P2P DoS
When asking for txes in a fluffy transaction, one might ask
for the same (large) tx many times
2019-06-14 08:47:11 +00:00
moneromooo-monero
1cc61018e5
cryptonote_protocol: expand basic DoS protection
Count transactions as well
2019-06-14 08:47:08 +00:00
anonimal
8f66b7053a
cryptonote_protocol_handler: prevent potential DoS
Essentially, one can send such a large amount of IDs that core exhausts
all free memory. This issue can theoretically be exploited using very
large CN blockchains, such as Monero.

This is a partial fix. Thanks and credit given to CryptoNote author
'cryptozoidberg' for collaboration and the fix. Also thanks to
'moneromooo'. Referencing HackerOne report #506595.
2019-06-14 08:47:05 +00:00
moneromooo-monero
39169ace09
epee: basic sanity check on allocation size from untrusted source
Reported by guidov
2019-06-14 08:47:01 +00:00
luigi1111
7b3df89bd4
Merge pull request #5632
3a0fbea Don't use -march=native (hyc)
f8b2f25 Allow parallel make (hyc)
01ced20 Delete redundant cppzmq dependency (hyc)
1dc4ebf Use 9 digit build IDs (hyc)
2019-06-12 14:47:33 -05:00
luigi1111
a22bb544a3
Merge pull request #5552
c27d961 [depends] update openssl to 1.0.2r (who-biz)
2019-06-12 14:43:51 -05:00
Howard Chu
1dc4ebfd6c
Use 9 digit build IDs 2019-06-12 16:47:33 +01:00
Howard Chu
01ced20eca
Delete redundant cppzmq dependency 2019-06-12 10:20:44 +01:00
Howard Chu
f8b2f250b7
Allow parallel make 2019-06-12 09:00:50 +01:00
Howard Chu
3a0fbea1ff
Don't use -march=native 2019-06-12 09:00:44 +01:00
luigi1111
fd0cf689dd
Merge pull request #5619
f2f207d miner: fix double free of thread attributes (ston1th)
2019-06-11 18:17:11 -05:00
luigi1111
9c0e9c40ec
Merge pull request #5618
b0a04f7 epee: fix SSL autodetect on reconnection (xiphon)
2019-06-11 18:15:48 -05:00
luigi1111
425e61ca6d
Merge pull request #5616
643c86a miniupnpc: update to build on BSD (moneromooo-monero)
2019-06-11 18:14:17 -05:00
luigi1111
c48722caa9
Merge pull request #5613
2cbe756 p2p: fix GCC 9.1 crash (moneromooo-monero)
35c20c4 Fix GCC 9.1 build warnings (moneromooo-monero)
e284889 cmake: do not use -mmitigate-rop on GCC >= 9.1 (moneromooo-monero)
2019-06-11 18:13:09 -05:00
xiphon
b0a04f7d45 epee: fix SSL autodetect on reconnection 2019-06-10 10:40:16 +00:00
moneromooo-monero
e2848894c9
cmake: do not use -mmitigate-rop on GCC >= 9.1
It was removed, but it still accepted by the compiler, which warns
for every file
2019-06-09 09:40:47 +00:00
moneromooo-monero
35c20c4332
Fix GCC 9.1 build warnings
GCC wants operator= aand copy ctor to be both defined, or neither
2019-06-09 09:39:18 +00:00
ston1th
f2f207d635 miner: fix double free of thread attributes
issue: #5568
2019-06-09 10:51:18 +02:00
moneromooo-monero
643c86a62a
miniupnpc: update to build on BSD 2019-06-08 18:38:51 +00:00
moneromooo-monero
2cbe75661c
p2p: fix GCC 9.1 crash 2019-06-08 17:52:53 +00:00
Riccardo Spagni
51766d026b
Merge pull request #5583
77594c4f functional_tests: fix python3 compatibility (moneromooo-monero)
2019-06-01 20:27:41 +02:00
Riccardo Spagni
62d32e955a
Merge pull request #5577
f950517a core: update pruning if using --prune-blockchain on a pruned blockchain (moneromooo-monero)
2019-06-01 20:25:19 +02:00
Riccardo Spagni
7e417dd408
Merge pull request #5571
35da33be blockchain: do not try to pop blocks down to the genesis block (moneromooo-monero)
4b51f9a3 core: do not commit half constructed batch db txn (moneromooo-monero)
2019-06-01 20:22:19 +02:00
Riccardo Spagni
14d3295649
Merge pull request #5561
9bfa4c20 Fix allow any cert mode in wallet rpc when configured over rpc (Lee Clagett)
3544596f Add ssl_options support to monerod's rpc mode. (Lee Clagett)
c9aaccf3 Fix configuration bug; wallet2 --daemon-ssl-allow-any-cert now works. (Lee Clagett)
2019-06-01 20:21:45 +02:00
Riccardo Spagni
42e2ed31ae
Merge pull request #5558
4ac52e52 functional_tests: fix rare get_output_distribution failure (moneromooo-monero)
2019-06-01 20:21:22 +02:00
Riccardo Spagni
df20bcdac5
Merge pull request #5557
dbecfe7d unit_tests: make the density test a bit less stringent (moneromooo-monero)
2019-06-01 20:21:03 +02:00
Riccardo Spagni
fccfc1aa25
Merge pull request #5555
b6830db2 Fix #5553 (Howard Chu)
2019-06-01 20:20:39 +02:00
moneromooo-monero
77594c4f4a
functional_tests: fix python3 compatibility
Also add missing bans test to the default tests
2019-05-29 11:59:48 +00:00
moneromooo-monero
f950517a08
core: update pruning if using --prune-blockchain on a pruned blockchain
Avoids a massive amount of spurious warnings if the last update before
the daemon exited was a while ago and the daemon was syncing
2019-05-28 09:12:11 +00:00
moneromooo-monero
35da33bea9
blockchain: do not try to pop blocks down to the genesis block 2019-05-26 17:11:32 +00:00
moneromooo-monero
4b51f9a34f
core: do not commit half constructed batch db txn 2019-05-25 16:24:56 +00:00
Lee Clagett
9bfa4c20ca Fix allow any cert mode in wallet rpc when configured over rpc 2019-05-22 00:15:14 -04:00
Lee Clagett
3544596f9f Add ssl_options support to monerod's rpc mode. 2019-05-22 00:09:11 -04:00
Lee Clagett
c9aaccf346 Fix configuration bug; wallet2 --daemon-ssl-allow-any-cert now works. 2019-05-21 15:43:27 -04:00
moneromooo-monero
4ac52e523d
functional_tests: fix rare get_output_distribution failure
When the wallet auto refreshes after mining the last two blocks
but before popping them, it will then try to use outputs which
are not unlocked yet. This is really a wallet problem, which
will be fixed later.
2019-05-20 13:45:36 +00:00
moneromooo-monero
dbecfe7d5d
unit_tests: make the density test a bit less stringent
It's an inherently random test
2019-05-20 10:42:50 +00:00
Howard Chu
b6830db2d4
Fix #5553
Make sure the tip hash still matches the cached block
2019-05-19 03:02:33 +01:00
who-biz
c27d96129e [depends] update openssl to 1.0.2r
- This addresses https://www.openssl.org/news/secadv/20190226.txt (CVE: 2019-1559) which impacted all versions of openssl-1.0.

Note that this does not address CVE-2019-1543 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543), which impacts all versions of openssl 1.1 through 1.1.0j and 1.1.1b.

The above (1.1) is patched in openssl, where it was marked as low severity.  Similar issues possibly present in monero, should be looked into w.r.t. CVE-2019-1543.
2019-05-18 02:18:55 -04:00
Riccardo Spagni
5fbfa8a656
Merge pull request #5548
915f59e3 wallet: add unlock_time details to show_transfers (moneromooo-monero)
2019-05-17 13:17:40 +02:00