Mirrors/i2pd
2
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-03-10 19:38:28 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

check RelayRequest, RelayIntro, RelayResponse buffer size. Use assign instead memcpy
Some checks are pending
Build Debian packages / bookworm (push) Waiting to run
Details
Build Debian packages / bullseye (push) Waiting to run
Details
Build Debian packages / buster (push) Waiting to run
Details
Build on FreeBSD / with UPnP (push) Waiting to run
Details
Build on OSX / With USE_UPNP=no (push) Waiting to run
Details
Build on OSX / With USE_UPNP=yes (push) Waiting to run
Details
Build on Windows / clang-x86_64 (push) Waiting to run
Details
Build on Windows / i686 (push) Waiting to run
Details
Build on Windows / ucrt-x86_64 (push) Waiting to run
Details
Build on Windows / x86_64 (push) Waiting to run
Details
Build on Windows / CMake clang-x86_64 (push) Waiting to run
Details
Build on Windows / CMake i686 (push) Waiting to run
Details
Build on Windows / CMake ucrt-x86_64 (push) Waiting to run
Details
Build on Windows / CMake x86_64 (push) Waiting to run
Details
Build on Windows / XP (push) Waiting to run
Details
Build on Ubuntu / Make with USE_UPNP=no (push) Waiting to run
Details
Build on Ubuntu / Make with USE_UPNP=yes (push) Waiting to run
Details
Build on Ubuntu / CMake with -DWITH_UPNP=OFF (push) Waiting to run
Details
Build on Ubuntu / CMake with -DWITH_UPNP=ON (push) Waiting to run
Details
Build containers / Building container for linux/386 (push) Waiting to run
Details
Build containers / Building container for linux/amd64 (push) Waiting to run
Details
Build containers / Building container for linux/arm64 (push) Waiting to run
Details
Build containers / Building container for linux/arm/v7 (push) Waiting to run
Details
Build containers / Pushing merged manifest (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
orignal 2025-02-20 16:53:49 -05:00
parent b97f09cc95
commit 7791b3952e
2 changed files with 28 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
libi2pd/SSU2OutOfSession.cpp
View file

@ -191,12 +191,7 @@ namespace transport
void SSU2PeerTestSession::SendPeerTest (uint8_t msg, const uint8_t * signedData, size_t signedDataLen, bool delayed) void SSU2PeerTestSession::SendPeerTest (uint8_t msg, const uint8_t * signedData, size_t signedDataLen, bool delayed)
{ {
#if __cplusplus >= 202002L // C++20
m_SignedData.assign (signedData, signedData + signedDataLen); m_SignedData.assign (signedData, signedData + signedDataLen);
#else
m_SignedData.resize (signedDataLen);
memcpy (m_SignedData.data (), signedData, signedDataLen);
#endif
if (!delayed) if (!delayed)
SendPeerTest (msg); SendPeerTest (msg);
// schedule resend for msgs 5 or 6 // schedule resend for msgs 5 or 6
@ -313,12 +308,7 @@ namespace transport
void SSU2HolePunchSession::SendHolePunch (const uint8_t * relayResponseBlock, size_t relayResponseBlockLen) void SSU2HolePunchSession::SendHolePunch (const uint8_t * relayResponseBlock, size_t relayResponseBlockLen)
{ {
#if __cplusplus >= 202002L // C++20
m_RelayResponseBlock.assign (relayResponseBlock, relayResponseBlock + relayResponseBlockLen); m_RelayResponseBlock.assign (relayResponseBlock, relayResponseBlock + relayResponseBlockLen);
#else
m_RelayResponseBlock.resize (relayResponseBlockLen);
memcpy (m_RelayResponseBlock.data (), relayResponseBlock, relayResponseBlockLen);
#endif
SendHolePunch (); SendHolePunch ();
ScheduleResend (); ScheduleResend ();
} }

39
libi2pd/SSU2Session.cpp
View file

@ -1965,6 +1965,7 @@ namespace transport
void SSU2Session::HandleRelayRequest (const uint8_t * buf, size_t len) void SSU2Session::HandleRelayRequest (const uint8_t * buf, size_t len)
{ {
// we are Bob // we are Bob
if (len < 9) return;
auto mts = i2p::util::GetMillisecondsSinceEpoch (); auto mts = i2p::util::GetMillisecondsSinceEpoch ();
uint32_t nonce = bufbe32toh (buf + 1); // nonce uint32_t nonce = bufbe32toh (buf + 1); // nonce
uint32_t relayTag = bufbe32toh (buf + 5); // relay tag uint32_t relayTag = bufbe32toh (buf + 5); // relay tag
@ -2013,6 +2014,7 @@ namespace transport
void SSU2Session::HandleRelayIntro (const uint8_t * buf, size_t len, int attempts) void SSU2Session::HandleRelayIntro (const uint8_t * buf, size_t len, int attempts)
{ {
// we are Charlie // we are Charlie
if (len < 47) return;
SSU2RelayResponseCode code = eSSU2RelayResponseCodeAccept; SSU2RelayResponseCode code = eSSU2RelayResponseCodeAccept;
boost::asio::ip::udp::endpoint ep; boost::asio::ip::udp::endpoint ep;
std::shared_ptr<const i2p::data::RouterInfo::Address> addr; std::shared_ptr<const i2p::data::RouterInfo::Address> addr;
@ -2025,6 +2027,11 @@ namespace transport
s.Insert (i2p::context.GetIdentHash (), 32); // chash s.Insert (i2p::context.GetIdentHash (), 32); // chash
s.Insert (buf + 33, 14); // nonce, relay tag, timestamp, ver, asz s.Insert (buf + 33, 14); // nonce, relay tag, timestamp, ver, asz
uint8_t asz = buf[46]; uint8_t asz = buf[46];
if (asz + 47 + r->GetIdentity ()->GetSignatureLen () > len)
{
LogPrint (eLogWarning, "SSU2: Malformed RelayIntro len=", len);
return;
}
s.Insert (buf + 47, asz); // Alice Port, Alice IP s.Insert (buf + 47, asz); // Alice Port, Alice IP
if (s.Verify (r->GetIdentity (), buf + 47 + asz)) if (s.Verify (r->GetIdentity (), buf + 47 + asz))
{ {
@ -2113,6 +2120,7 @@ namespace transport
void SSU2Session::HandleRelayResponse (const uint8_t * buf, size_t len) void SSU2Session::HandleRelayResponse (const uint8_t * buf, size_t len)
{ {
if (len < 6) return;
uint32_t nonce = bufbe32toh (buf + 2); uint32_t nonce = bufbe32toh (buf + 2);
if (m_State == eSSU2SessionStateIntroduced) if (m_State == eSSU2SessionStateIntroduced)
{ {
@ -2133,7 +2141,9 @@ namespace transport
auto it = m_RelaySessions.find (nonce); auto it = m_RelaySessions.find (nonce);
if (it != m_RelaySessions.end ()) if (it != m_RelaySessions.end ())
{ {
if (it->second.first && it->second.first->IsEstablished ()) auto relaySession = it->second.first;
m_RelaySessions.erase (it);
if (relaySession && relaySession->IsEstablished ())
{ {
// we are Bob, message from Charlie // we are Bob, message from Charlie
auto packet = m_Server.GetSentPacketsPool ().AcquireShared (); auto packet = m_Server.GetSentPacketsPool ().AcquireShared ();
@ -2143,12 +2153,12 @@ namespace transport
memcpy (payload + 3, buf, len); // forward to Alice as is memcpy (payload + 3, buf, len); // forward to Alice as is
packet->payloadSize = len + 3; packet->payloadSize = len + 3;
packet->payloadSize += CreatePaddingBlock (payload + packet->payloadSize, m_MaxPayloadSize - packet->payloadSize); packet->payloadSize += CreatePaddingBlock (payload + packet->payloadSize, m_MaxPayloadSize - packet->payloadSize);
uint32_t packetNum = it->second.first->SendData (packet->payload, packet->payloadSize); uint32_t packetNum = relaySession->SendData (packet->payload, packet->payloadSize);
if (m_RemoteVersion >= SSU2_MIN_RELAY_RESPONSE_RESEND_VERSION) if (m_RemoteVersion >= SSU2_MIN_RELAY_RESPONSE_RESEND_VERSION)
{ {
// sometimes Alice doesn't ack this RelayResponse in older versions // sometimes Alice doesn't ack this RelayResponse in older versions
packet->sendTime = i2p::util::GetMillisecondsSinceEpoch (); packet->sendTime = i2p::util::GetMillisecondsSinceEpoch ();
it->second.first->m_SentPackets.emplace (packetNum, packet); relaySession->m_SentPackets.emplace (packetNum, packet);
} }
} }
else else
@ -2157,25 +2167,31 @@ namespace transport
if (!buf[1]) // status code accepted? if (!buf[1]) // status code accepted?
{ {
// verify signature // verify signature
uint8_t csz = buf[11]; uint8_t csz = (len >= 12) ? buf[11] : 0;
if (csz + 12 + relaySession->GetRemoteIdentity ()->GetSignatureLen () > len)
{
LogPrint (eLogWarning, "SSU2: Malformed RelayResponse len=", len);
relaySession->Done ();
return;
}
SignedData s; SignedData s;
s.Insert ((const uint8_t *)"RelayAgreementOK", 16); // prologue s.Insert ((const uint8_t *)"RelayAgreementOK", 16); // prologue
s.Insert (GetRemoteIdentity ()->GetIdentHash (), 32); // bhash s.Insert (GetRemoteIdentity ()->GetIdentHash (), 32); // bhash
s.Insert (buf + 2, 10 + csz); // nonce, timestamp, ver, csz and Charlie's endpoint s.Insert (buf + 2, 10 + csz); // nonce, timestamp, ver, csz and Charlie's endpoint
if (s.Verify (it->second.first->GetRemoteIdentity (), buf + 12 + csz)) if (s.Verify (relaySession->GetRemoteIdentity (), buf + 12 + csz))
{ {
if (it->second.first->m_State == eSSU2SessionStateIntroduced) // HolePunch not received yet if (relaySession->m_State == eSSU2SessionStateIntroduced) // HolePunch not received yet
{ {
// update Charlie's endpoint // update Charlie's endpoint
if (ExtractEndpoint (buf + 12, csz, it->second.first->m_RemoteEndpoint)) if (ExtractEndpoint (buf + 12, csz, relaySession->m_RemoteEndpoint))
{ {
// update token // update token
uint64_t token; uint64_t token;
memcpy (&token, buf + len - 8, 8); memcpy (&token, buf + len - 8, 8);
m_Server.UpdateOutgoingToken (it->second.first->m_RemoteEndpoint, m_Server.UpdateOutgoingToken (relaySession->m_RemoteEndpoint,
token, i2p::util::GetSecondsSinceEpoch () + SSU2_TOKEN_EXPIRATION_TIMEOUT); token, i2p::util::GetSecondsSinceEpoch () + SSU2_TOKEN_EXPIRATION_TIMEOUT);
// connect to Charlie, HolePunch will be ignored // connect to Charlie, HolePunch will be ignored
it->second.first->ConnectAfterIntroduction (); relaySession->ConnectAfterIntroduction ();
} }
else else
LogPrint (eLogWarning, "SSU2: RelayResponse can't extract endpoint"); LogPrint (eLogWarning, "SSU2: RelayResponse can't extract endpoint");
@ -2184,16 +2200,15 @@ namespace transport
else else
{ {
LogPrint (eLogWarning, "SSU2: RelayResponse signature verification failed"); LogPrint (eLogWarning, "SSU2: RelayResponse signature verification failed");
it->second.first->Done (); relaySession->Done ();
} }
} }
else else
{ {
LogPrint (eLogInfo, "SSU2: RelayResponse status code=", (int)buf[1], " nonce=", bufbe32toh (buf + 2)); LogPrint (eLogInfo, "SSU2: RelayResponse status code=", (int)buf[1], " nonce=", bufbe32toh (buf + 2));
it->second.first->Done (); relaySession->Done ();
} }
} }
m_RelaySessions.erase (it);
} }
else else
LogPrint (eLogDebug, "SSU2: RelayResponse unknown nonce ", bufbe32toh (buf + 2)); LogPrint (eLogDebug, "SSU2: RelayResponse unknown nonce ", bufbe32toh (buf + 2));