[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r9210: Close any directory connection on which we have received 10M (in tor/trunk: . src/or)

To: or-cvs@xxxxxxxxxxxxx
Subject: [or-cvs] r9210: Close any directory connection on which we have received 10M (in tor/trunk: . src/or)
From: nickm@xxxxxxxx
Date: Fri, 29 Dec 2006 00:07:43 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: or-cvs-outgoing@seul.org
Delivered-to: or-cvs@seul.org
Delivery-date: Fri, 29 Dec 2006 00:08:00 -0500
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-cvs@xxxxxxxxxxxxx

Author: nickm
Date: 2006-12-29 00:07:25 -0500 (Fri, 29 Dec 2006)
New Revision: 9210

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/or/directory.c
Log:
 r11745@Kushana:  nickm | 2006-12-29 00:00:28 -0500
 Close any directory connection on which we have received 10MB or more of data.  This prevents a malicious directory cache from running us out of memory by spooling an infinite amount of data.  (Not a terribly good attack, but hey, every one helps.)



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r11745] on c95137ef-5f19-0410-b913-86e773d04f59

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2006-12-29 05:07:04 UTC (rev 9209)
+++ tor/trunk/ChangeLog	2006-12-29 05:07:25 UTC (rev 9210)
@@ -75,6 +75,7 @@
       it's happening.  (Bug #364)
     - When we change nameservers or IP addresses, reset and re-launch
       our tests for DNS hijacking.
+    - Block an obscure DoS attack from directory caches.
 
   o Security bugfixes:
     - Stop sending the HttpProxyAuthenticator string to directory

Modified: tor/trunk/src/or/directory.c
===================================================================
--- tor/trunk/src/or/directory.c	2006-12-29 05:07:04 UTC (rev 9209)
+++ tor/trunk/src/or/directory.c	2006-12-29 05:07:25 UTC (rev 9210)
@@ -1283,6 +1283,12 @@
   return retval;
 }
 
+/** If any directory object is arriving, and it's over 10MB large, we're
+ * getting DoS'd.  (As of 0.1.2.x, raw directories are about 1MB, and we never
+ * ask for more than 96 router descriptors at a time.)
+ */
+#define MAX_DIRECTORY_OBJECT_SIZE (10*(1<<20))
+
 /** Read handler for directory connections.  (That's connections <em>to</em>
  * directory servers and connections <em>at</em> directory servers.)
  */
@@ -1307,7 +1313,12 @@
     return 0;
   }
 
-  /* XXXX012 for READ states, might want to make sure inbuf isn't too big */
+  if (buf_datalen(conn->_base.inbuf) > MAX_DIRECTORY_OBJECT_SIZE) {
+    log_warn(LD_HTTP, "Too much data received from directory connection; "
+             "DOS attempt or protocol shift.");
+    connection_mark_for_close(TO_CONN(conn));
+    return -1;
+  }
 
   if (!conn->_base.inbuf_reached_eof)
     log_debug(LD_HTTP,"Got data, not eof. Leaving on inbuf.");

Prev by Author: [or-cvs] r9209: Refactor connection_write_to_buf_zlib back into connection_w (in tor/trunk: . src/or)
Next by Author: [or-cvs] r9211: Remove dead code; make targets of addressmap commands/config (in tor/trunk: . src/common src/or)
Previous by thread: [or-cvs] r9209: Refactor connection_write_to_buf_zlib back into connection_w (in tor/trunk: . src/or)
Next by thread: [or-cvs] r9211: Remove dead code; make targets of addressmap commands/config (in tor/trunk: . src/common src/or)
Index(es):
- Author
- Thread