commit e1d7661412325bb8c81a3a7f4d5cc25efdee5a78 Author: George Kadianakis desnacked@riseup.net Date: Fri Dec 23 14:48:05 2016 +0200
Max HS descriptor size is now 50kb and also consensus param. --- src/or/hs_cache.c | 13 +++++++++++++ src/or/hs_cache.h | 2 ++ src/or/hs_descriptor.c | 4 +++- src/or/hs_descriptor.h | 2 +- 4 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/or/hs_cache.c b/src/or/hs_cache.c
index b7ff979..6e23a74 100644
--- a/src/or/hs_cache.c
+++ b/src/or/hs_cache.c
@@ -15,6 +15,7 @@
 #include "config.h"
 #include "hs_common.h"
 #include "hs_descriptor.h"
+#include "networkstatus.h"
 #include "rendcache.h"
 /* Directory descriptor cache. Map indexed by blinded key. */
@@ -366,6 +367,18 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes)
 return bytes_removed;
 }
+/**
+ * Return the maximum size of an HS descriptor we are willing to accept as an
+ * HSDir.
+ */
+unsigned int
+hs_cache_get_max_descriptor_size(void)
+{
+ return (unsigned) networkstatus_get_param(NULL,
+ "HSV3MaxDescriptorSize",
+ HS_DESC_MAX_LEN, 1, INT32_MAX);
+}
+
 /* Initialize the hidden service cache subsystem. */
 void
 hs_cache_init(void)
diff --git a/src/or/hs_cache.h b/src/or/hs_cache.h
index 01abb80..ba95e73 100644
--- a/src/or/hs_cache.h
+++ b/src/or/hs_cache.h
@@ -44,6 +44,8 @@ void hs_cache_free_all(void);
 void hs_cache_clean_as_dir(time_t now);
 size_t hs_cache_handle_oom(time_t now, size_t min_remove_bytes);
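Review bot: The upper clamp passed to `networkstatus_get_param()` in `hs_cache_get_max_descriptor_size()` is `INT32_MAX`, so a consensus value can raise the limit to the point where the size check it feeds no longer bounds anything in practice. The lower clamp of `1` has the opposite effect: the caller in hs_descriptor.c compares with `>=`, so a value of 1 rejects every non-empty descriptor. Both bounds would be safer as named limits defined beside `HS_DESC_MAX_LEN` and sized around what an HSDir can reasonably cache, i.e. `HS_DESC_MAX_LEN, <min-limit placeholder>, <max-limit placeholder>);`. The doc comment should also name the knob, for example `Controlled by the "HSV3MaxDescriptorSize" consensus parameter; defaults to HS_DESC_MAX_LEN.`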
+unsigned int hs_cache_get_max_descriptor_size(void);
+
 /* Store and Lookup function. They are version agnostic that is depending on
 * the requested version of the descriptor, it will be re-routed to the
 * right function. */
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index 75ad205..2e92c89 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -15,6 +15,7 @@
 #include "ed25519_cert.h" /* Trunnel interface. */
 #include "parsecommon.h"
 #include "rendcache.h"
+#include "hs_cache.h"
 #include "torcert.h" /* tor_cert_encode_ed22519() */
 /* Constant string value used for the descriptor format. */
@@ -1700,8 +1701,9 @@ hs_desc_decode_plaintext(const char *encoded,
 tor_assert(encoded);
 tor_assert(plaintext);
+ /* Check that descriptor is within size limits. */
 encoded_len = strlen(encoded);
- if (encoded_len >= HS_DESC_MAX_LEN) {
+ if (encoded_len >= hs_cache_get_max_descriptor_size()) {
 log_warn(LD_REND, "Service descriptor is too big (%lu bytes)",
 (unsigned long) encoded_len);
 goto err;
diff --git a/src/or/hs_descriptor.h b/src/or/hs_descriptor.h
index 083d353..e0abcea 100644
--- a/src/or/hs_descriptor.h
+++ b/src/or/hs_descriptor.h
@@ -54,7 +54,7 @@
 HS_DESC_ENCRYPTED_SALT_LEN + \
 HS_DESC_PLAINTEXT_PADDING_MULTIPLE + DIGEST256_LEN
 /* Maximum length in bytes of a full hidden service descriptor. */
-#define HS_DESC_MAX_LEN 32768 // XXX justify
+#define HS_DESC_MAX_LEN 50000 /* 50kb max size */
 /* The minimum amount of fields a descriptor should contain. The parsing of
 * the fields are version specific so the only required field, as a generic
 * view of a descriptor, is 1 that is the version field. */
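Review bot: In `hs_desc_decode_plaintext()` the limit now comes from `hs_cache_get_max_descriptor_size()`, which is documented as what we accept "as an HSDir", yet this decoder looks generic; if non-directory callers also reach it, the consensus value governs their parsing too, and the function's documentation should say so. Because the limit is no longer a compile-time constant, the warning should report it as well, by reading it once into a local and logging `"Service descriptor is too big (%lu bytes, limit %u)"`. The check runs after `strlen(encoded)`, so it only rejects a descriptor that is already held in memory; whatever bounds the incoming upload is not visible in this hunk. The function body starts before and continues after the hunk.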
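Review bot: The `// XXX justify` marker on `HS_DESC_MAX_LEN` in hs_descriptor.h is dropped, but the replacement comment `/* 50kb max size */` still gives no reason for the value and its unit is ambiguous. The macro is now only the default for a consensus parameter and the check in hs_descriptor.c uses `>=`, so the existing comment line would be more accurate as `/* Default maximum length in bytes of a full hidden service descriptor (exclusive bound); overridable via the "HSV3MaxDescriptorSize" consensus parameter. */`. A further sentence on how 50000 was chosen would answer the removed XXX.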