* Add LeaseSetBufferValidate which checks lease validity and extracts timestamp

* check for leases with LeaseSetBufferValidate before update in floodfill code as to prevent malicous nodes removing good LS
2025-04-27 11:17:49 +02:00 · 2018-01-24 10:16:51 -05:00 · 2018-01-24 10:16:51 -05:00 · 4a77a03033
commit 4a77a03033
parent 3820b51960
3 changed files with 46 additions and 8 deletions
--- a/libi2pd/LeaseSet.cpp
+++ b/libi2pd/LeaseSet.cpp
@ -265,5 +265,39 @@ namespace data
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 		return ts > m_ExpirationTime;
 	}
+
+	bool LeaseSetBufferValidate(const uint8_t * ptr, size_t sz, uint64_t & expires)
+	{
+		IdentityEx ident(ptr, sz);
+		size_t size = ident.GetFullLen ();
+		if (size > sz)
+		{
+			LogPrint (eLogError, "LeaseSet: identity length ", size, " exceeds buffer size ", sz);
+			return false;
+		}
+		// encryption key
+		size += 256;
+		// signing key (unused)
+		size += ident.GetSigningPublicKeyLen ();
+		uint8_t numLeases = ptr[size];
+		++size;
+		if (!numLeases || numLeases > MAX_NUM_LEASES)
+		{
+			LogPrint (eLogError, "LeaseSet: incorrect number of leases", (int)numLeases);
+			return false;
+		}
+		const uint8_t * leases = ptr + size;
+		expires = 0;
+		/** find lease with the max expiration timestamp */
+		for (int i = 0; i < numLeases; i++)
+		{
+			leases += 36; // gateway + tunnel ID
+			uint64_t endDate = bufbe64toh (leases);
+			leases += 8; // end date
+			if(endDate > expires)
+				expires = endDate;
+		}
+		return ident.Verify(ptr, leases - ptr, leases);
+	}
 }
 }