[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Max HS descriptor size is now 50kb and also consensus param.
commit e1d7661412325bb8c81a3a7f4d5cc25efdee5a78
Author: George Kadianakis <desnacked@xxxxxxxxxx>
Date: Fri Dec 23 14:48:05 2016 +0200
Max HS descriptor size is now 50kb and also consensus param.
---
src/or/hs_cache.c | 13 +++++++++++++
src/or/hs_cache.h | 2 ++
src/or/hs_descriptor.c | 4 +++-
src/or/hs_descriptor.h | 2 +-
4 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/or/hs_cache.c b/src/or/hs_cache.c
index b7ff979..6e23a74 100644
--- a/src/or/hs_cache.c
+++ b/src/or/hs_cache.c
@@ -15,6 +15,7 @@
#include "config.h"
#include "hs_common.h"
#include "hs_descriptor.h"
+#include "networkstatus.h"
#include "rendcache.h"
/* Directory descriptor cache. Map indexed by blinded key. */
@@ -366,6 +367,18 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes)
return bytes_removed;
}
+/**
+ * Return the maximum size of an HS descriptor we are willing to accept as an
+ * HSDir.
+ */
+unsigned int
+hs_cache_get_max_descriptor_size(void)
+{
+ return (unsigned) networkstatus_get_param(NULL,
+ "HSV3MaxDescriptorSize",
+ HS_DESC_MAX_LEN, 1, INT32_MAX);
+}
+
/* Initialize the hidden service cache subsystem. */
void
hs_cache_init(void)
diff --git a/src/or/hs_cache.h b/src/or/hs_cache.h
index 01abb80..ba95e73 100644
--- a/src/or/hs_cache.h
+++ b/src/or/hs_cache.h
@@ -44,6 +44,8 @@ void hs_cache_free_all(void);
void hs_cache_clean_as_dir(time_t now);
size_t hs_cache_handle_oom(time_t now, size_t min_remove_bytes);
+unsigned int hs_cache_get_max_descriptor_size(void);
+
/* Store and Lookup function. They are version agnostic that is depending on
* the requested version of the descriptor, it will be re-routed to the
* right function. */
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index 75ad205..2e92c89 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -15,6 +15,7 @@
#include "ed25519_cert.h" /* Trunnel interface. */
#include "parsecommon.h"
#include "rendcache.h"
+#include "hs_cache.h"
#include "torcert.h" /* tor_cert_encode_ed22519() */
/* Constant string value used for the descriptor format. */
@@ -1700,8 +1701,9 @@ hs_desc_decode_plaintext(const char *encoded,
tor_assert(encoded);
tor_assert(plaintext);
+ /* Check that descriptor is within size limits. */
encoded_len = strlen(encoded);
- if (encoded_len >= HS_DESC_MAX_LEN) {
+ if (encoded_len >= hs_cache_get_max_descriptor_size()) {
log_warn(LD_REND, "Service descriptor is too big (%lu bytes)",
(unsigned long) encoded_len);
goto err;
diff --git a/src/or/hs_descriptor.h b/src/or/hs_descriptor.h
index 083d353..e0abcea 100644
--- a/src/or/hs_descriptor.h
+++ b/src/or/hs_descriptor.h
@@ -54,7 +54,7 @@
HS_DESC_ENCRYPTED_SALT_LEN + \
HS_DESC_PLAINTEXT_PADDING_MULTIPLE + DIGEST256_LEN
/* Maximum length in bytes of a full hidden service descriptor. */
-#define HS_DESC_MAX_LEN 32768 // XXX justify
+#define HS_DESC_MAX_LEN 50000 /* 50kb max size */
/* The minimum amount of fields a descriptor should contain. The parsing of
* the fields are version specific so the only required field, as a generic
* view of a descriptor, is 1 that is the version field. */
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits