[or-cvs] r9210: Close any directory connection on which we have received 10M (in tor/trunk: . src/or)
nickm at seul.org
nickm at seul.org
Fri Dec 29 05:07:43 UTC 2006
Author: nickm
Date: 2006-12-29 00:07:25 -0500 (Fri, 29 Dec 2006)
New Revision: 9210
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/or/directory.c
Log:
r11745 at Kushana: nickm | 2006-12-29 00:00:28 -0500
Close any directory connection on which we have received 10MB or more of data. This prevents a malicious directory cache from running us out of memory by spooling an infinite amount of data. (Not a terribly good attack, but hey, every one helps.)
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r11745] on c95137ef-5f19-0410-b913-86e773d04f59
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2006-12-29 05:07:04 UTC (rev 9209)
+++ tor/trunk/ChangeLog 2006-12-29 05:07:25 UTC (rev 9210)
@@ -75,6 +75,7 @@
it's happening. (Bug #364)
- When we change nameservers or IP addresses, reset and re-launch
our tests for DNS hijacking.
+ - Block an obscure DoS attack from directory caches.
o Security bugfixes:
- Stop sending the HttpProxyAuthenticator string to directory
Modified: tor/trunk/src/or/directory.c
===================================================================
--- tor/trunk/src/or/directory.c 2006-12-29 05:07:04 UTC (rev 9209)
+++ tor/trunk/src/or/directory.c 2006-12-29 05:07:25 UTC (rev 9210)
@@ -1283,6 +1283,12 @@
return retval;
}
+/** If any directory object is arriving, and it's over 10MB large, we're
+ * getting DoS'd. (As of 0.1.2.x, raw directories are about 1MB, and we never
+ * ask for more than 96 router descriptors at a time.)
+ */
+#define MAX_DIRECTORY_OBJECT_SIZE (10*(1<<20))
+
/** Read handler for directory connections. (That's connections <em>to</em>
* directory servers and connections <em>at</em> directory servers.)
*/
@@ -1307,7 +1313,12 @@
return 0;
}
- /* XXXX012 for READ states, might want to make sure inbuf isn't too big */
+ if (buf_datalen(conn->_base.inbuf) > MAX_DIRECTORY_OBJECT_SIZE) {
+ log_warn(LD_HTTP, "Too much data received from directory connection; "
+ "DOS attempt or protocol shift.");
+ connection_mark_for_close(TO_CONN(conn));
+ return -1;
+ }
if (!conn->_base.inbuf_reached_eof)
log_debug(LD_HTTP,"Got data, not eof. Leaving on inbuf.");
More information about the tor-commits
mailing list