This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main in repository tor.
commit e605620744e3f752791dd6da4fd92d187af0d4a6 Author: Roger Dingledine arma@torproject.org AuthorDate: Fri Jul 1 18:32:04 2022 -0400
clients defend themselves from absurd pow requests
if asked for higher than a cap, we just solve it at the cap
i picked 500 for now but maybe we'll pick a better number in the future. --- src/feature/hs/hs_client.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index 1cecacaf9f..2ba2692941 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -600,6 +600,10 @@ find_desc_intro_point_by_legacy_id(const char *legacy_id, return ret_ip; }
+/** Set a client-side cap on the highest effort of PoW we will try to + * tackle. If asked for higher, we solve it at this cap. */ +#define CLIENT_MAX_POW_EFFORT 500 + /** Send an INTRODUCE1 cell along the intro circuit and populate the rend * circuit identifier with the needed key material for the e2e encryption. * Return 0 on success, -1 if there is a transient error such that an action @@ -674,6 +678,20 @@ send_introduce1(origin_circuit_t *intro_circ, if (desc->encrypted_data.pow_params) { log_debug(LD_REND, "PoW params present in descriptor."); pow_solution = tor_malloc_zero(sizeof(hs_pow_solution_t)); + + /* make sure we can't be tricked into hopeless quests */ + if (desc->encrypted_data.pow_params->suggested_effort > + CLIENT_MAX_POW_EFFORT) { + log_notice(LD_REND, "Onion service suggested effort %d which is " + "higher than we want to solve. Solving at %d instead.", + desc->encrypted_data.pow_params->suggested_effort, + CLIENT_MAX_POW_EFFORT); + + /* clobber it in-place. hopefully this won't have bad side effects. */ + desc->encrypted_data.pow_params->suggested_effort = + CLIENT_MAX_POW_EFFORT; + } + if (hs_pow_solve(desc->encrypted_data.pow_params, pow_solution)) { log_warn(LD_REND, "Haven't solved the PoW yet."); goto tran_err;