commit 1a52a947c557ac04ee96addff404dc50cf5c26eb Author: Robert Ransom rransom.8774@gmail.com Date: Sat Oct 29 17:02:53 2011 -0700
Move the real INTRODUCE2 replay-detection cache into rend_intro_point_t --- changes/per-intro-point-replay-cache | 7 +++++++ src/or/or.h | 9 ++++++--- src/or/rendcommon.c | 5 +++++ src/or/rendservice.c | 22 ++++++++-------------- 4 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/changes/per-intro-point-replay-cache b/changes/per-intro-point-replay-cache new file mode 100644 index 0000000..f63e428 --- /dev/null +++ b/changes/per-intro-point-replay-cache @@ -0,0 +1,7 @@ + o Minor features: + + - Move the replay-detection cache for the RSA-encrypted parts of + INTRODUCE2 cells to the introduction point data structures. + Previously, we would use one replay-detection cache per hidden + service. Required by fix for bug 3460. + diff --git a/src/or/or.h b/src/or/or.h index 9c81d0e..b53220f 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3505,9 +3505,12 @@ typedef struct rend_intro_point_t { * included in the last HS descriptor we generated. */ unsigned int listed_in_last_desc : 1;
- /** (Service side only) The number of INTRODUCE2 cells this intro - * point's circuit has received. */ - unsigned int introduction_count : 24; + /** (Service side only) A digestmap recording the INTRODUCE2 cells + * this intro point's circuit has received. Each key is the digest + * of the RSA-encrypted part of a received INTRODUCE2 cell; each + * value is a pointer to the time_t at which the cell was + * received. */ + digestmap_t *accepted_intros;
/** (Service side only) The time at which this intro point was first * published, or -1 if this intro point has not yet been diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index c5bf881..0a478c1 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -440,6 +440,11 @@ rend_intro_point_free(rend_intro_point_t *intro)
extend_info_free(intro->extend_info); crypto_free_pk_env(intro->intro_key); + + if (intro->accepted_intros != NULL) { + digestmap_free(intro->accepted_intros, _tor_free); + } + tor_free(intro); }
diff --git a/src/or/rendservice.c b/src/or/rendservice.c index ee34edf..413d4f6 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1005,14 +1005,14 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, if (!service->accepted_intros) service->accepted_intros = digestmap_new();
+ if (!intro_point->accepted_intros) + intro_point->accepted_intros = digestmap_new(); + { char pkpart_digest[DIGEST_LEN]; - /* Check for replay of PK-encrypted portion. It is slightly naughty to - use the same digestmap to check for this and for g^x replays, but - collisions are tremendously unlikely. - */ + /* Check for replay of PK-encrypted portion. */ crypto_digest(pkpart_digest, (char*)request+DIGEST_LEN, keylen); - access_time = digestmap_get(service->accepted_intros, pkpart_digest); + access_time = digestmap_get(intro_point->accepted_intros, pkpart_digest); if (access_time != NULL) { log_warn(LD_REND, "Possible replay detected! We received an " "INTRODUCE2 cell with same PK-encrypted part %d seconds ago. " @@ -1021,14 +1021,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, } access_time = tor_malloc(sizeof(time_t)); *access_time = now; - digestmap_set(service->accepted_intros, pkpart_digest, access_time); - } - - /* Record that we've received another INTRODUCE2 cell through this - * intro point. */ - ++(intro_point->introduction_count); - if (intro_point->introduction_count == 0) { - --(intro_point->introduction_count); + digestmap_set(intro_point->accepted_intros, pkpart_digest, access_time); }
/* Next N bytes is encrypted with service key */ @@ -1935,7 +1928,8 @@ intro_point_should_expire_now(rend_intro_point_t *intro, return 1; }
- if (intro->introduction_count >= INTRO_POINT_LIFETIME_INTRODUCTIONS) { + if (digestmap_size(intro->accepted_intros) >= + INTRO_POINT_LIFETIME_INTRODUCTIONS) { /* This intro point has been used too many times. Expire it now. */ return 1; }