
Commit eba9f3c0 authored by zzz's avatar zzz

drop msgs expiring too far in the future

parent eacf46b3
...@@ -374,6 +374,9 @@ public class TunnelDispatcher implements Service { ...@@ -374,6 +374,9 @@ public class TunnelDispatcher implements Service {
_context.statManager().addRateData("tunnel.dispatchDataTime", dispatchTime, dispatchTime); _context.statManager().addRateData("tunnel.dispatchDataTime", dispatchTime, dispatchTime);
} }
/** High for now, just to prevent long-lived-message attacks */
private static final long MAX_FUTURE_EXPIRATION = 3*60*1000 + Router.CLOCK_FUDGE_FACTOR;
/** /**
* We are the inbound tunnel gateway, so encrypt it as necessary and forward * We are the inbound tunnel gateway, so encrypt it as necessary and forward
* it on. * it on.
...@@ -385,7 +388,10 @@ public class TunnelDispatcher implements Service { ...@@ -385,7 +388,10 @@ public class TunnelDispatcher implements Service {
if (gw != null) { if (gw != null) {
if (_log.shouldLog(Log.DEBUG)) if (_log.shouldLog(Log.DEBUG))
_log.debug("dispatch where we are the inbound gateway: " + gw + ": " + msg); _log.debug("dispatch where we are the inbound gateway: " + gw + ": " + msg);
if ( (msg.getMessageExpiration() < before - Router.CLOCK_FUDGE_FACTOR) || (msg.getMessage().getMessageExpiration() < before - Router.CLOCK_FUDGE_FACTOR) ) { long minTime = before - Router.CLOCK_FUDGE_FACTOR;
long maxTime = before + MAX_FUTURE_EXPIRATION;
if ( (msg.getMessageExpiration() < minTime) || (msg.getMessage().getMessageExpiration() < minTime) ||
(msg.getMessageExpiration() > maxTime) || (msg.getMessage().getMessageExpiration() > maxTime) ) {
if (_log.shouldLog(Log.ERROR)) if (_log.shouldLog(Log.ERROR))
_log.error("Not dispatching a gateway message for tunnel " + msg.getTunnelId().getTunnelId() _log.error("Not dispatching a gateway message for tunnel " + msg.getTunnelId().getTunnelId()
+ " as the wrapper's expiration is in " + DataHelper.formatDuration(msg.getMessageExpiration()-before) + " as the wrapper's expiration is in " + DataHelper.formatDuration(msg.getMessageExpiration()-before)
...@@ -463,6 +469,12 @@ public class TunnelDispatcher implements Service { ...@@ -463,6 +469,12 @@ public class TunnelDispatcher implements Service {
_log.warn("why are you sending a tunnel message that expired " _log.warn("why are you sending a tunnel message that expired "
+ (before-msg.getMessageExpiration()) + "ms ago? " + (before-msg.getMessageExpiration()) + "ms ago? "
+ msg, new Exception("cause")); + msg, new Exception("cause"));
} else if (msg.getMessageExpiration() > before + MAX_FUTURE_EXPIRATION) {
if (_log.shouldLog(Log.ERROR))
_log.error("why are you sending a tunnel message that expires "
+ (msg.getMessageExpiration() - before) + "ms from now? "
+ msg, new Exception("cause"));
return;
} }
long tid1 = outboundTunnel.getTunnelId(); long tid1 = outboundTunnel.getTunnelId();
long tid2 = (targetTunnel != null ? targetTunnel.getTunnelId() : -1); long tid2 = (targetTunnel != null ? targetTunnel.getTunnelId() : -1);
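Review bot: In the last hunk the new far-future branch ends with `return;`, but the already-expired branch directly above it still ends with the `_log.warn(...)` call and nothing else, so from the visible lines an expired message is only warned about and then dispatched. The inbound-gateway hunk, by contrast, logs "Not dispatching" for both the `minTime` and the `maxTime` bound. If the goal is to bound message lifetime on both paths, add `return;` after the warn in the expired branch so the two limits are enforced the same way. The `if` condition of that branch and the rest of the method lie outside the hunk, so confirm there is no later expiry check before changing it.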
......