zzz/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

* i2psnark: Fix OOM vulnerability by checking incoming message length

Browse Source 
(thanks devzero!)
This commit is contained in:
zzz
2008-08-13 15:59:16 +00:00
parent 719ba3f66f
commit 49af13a3ca
4 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apps/i2psnark/java/src/org/klomp/snark/PeerConnectionIn.java
View File

@@ -77,9 +77,12 @@ class PeerConnectionIn implements Runnable
// Wait till we hear something... // Wait till we hear something...
// The length of a complete message in bytes. // The length of a complete message in bytes.
// The biggest is the piece message, for which the length is the
// request size (32K) plus 9. (we could also check if Storage.MAX_PIECES / 8
// in the bitfield message is bigger but it's currently 5000/8 = 625 so don't bother)
int i = din.readInt(); int i = din.readInt();
lastRcvd = System.currentTimeMillis(); lastRcvd = System.currentTimeMillis();
if (i < 0) if (i < 0 || i > PeerState.PARTSIZE + 9)
throw new IOException("Unexpected length prefix: " + i); throw new IOException("Unexpected length prefix: " + i);
if (i == 0) if (i == 0)

2
apps/i2psnark/java/src/org/klomp/snark/PeerState.java
View File

@@ -62,7 +62,7 @@ class PeerState
private final static int MAX_PIPELINE = 2; // this is for outbound requests private final static int MAX_PIPELINE = 2; // this is for outbound requests
private final static int MAX_PIPELINE_BYTES = 128*1024; // this is for inbound requests private final static int MAX_PIPELINE_BYTES = 128*1024; // this is for inbound requests
private final static int PARTSIZE = 32*1024; // Snark was 16K, i2p-bt uses 64KB public final static int PARTSIZE = 32*1024; // Snark was 16K, i2p-bt uses 64KB
private final static int MAX_PARTSIZE = 64*1024; // Don't let anybody request more than this private final static int MAX_PARTSIZE = 64*1024; // Don't let anybody request more than this
PeerState(Peer peer, PeerListener listener, MetaInfo metainfo, PeerState(Peer peer, PeerListener listener, MetaInfo metainfo,

4
history.txt
View File

@@ -1,3 +1,7 @@
2008-08-13 zzz
* i2psnark: Fix OOM vulnerability by checking incoming message length
(thanks devzero!)
2008-08-04 zzz 2008-08-04 zzz
* Floodfill Peer Selector: * Floodfill Peer Selector:
- Avoid peers whose netdb is old, or have a recent failed store, - Avoid peers whose netdb is old, or have a recent failed store,

2
router/java/src/net/i2p/router/RouterVersion.java
View File

@@ -17,7 +17,7 @@ import net.i2p.CoreVersion;
public class RouterVersion { public class RouterVersion {
public final static String ID = "$Revision: 1.548 $ $Date: 2008-06-07 23:00:00 $"; public final static String ID = "$Revision: 1.548 $ $Date: 2008-06-07 23:00:00 $";
public final static String VERSION = "0.6.2"; public final static String VERSION = "0.6.2";
public final static long BUILD = 11; public final static long BUILD = 12;
public static void main(String args[]) { public static void main(String args[]) {
System.out.println("I2P Router version: " + VERSION + "-" + BUILD); System.out.println("I2P Router version: " + VERSION + "-" + BUILD);
System.out.println("Router ID: " + RouterVersion.ID); System.out.println("Router ID: " + RouterVersion.ID);