Changeset 18e24ed


Ignore:
Timestamp:
Jul 23, 2018 8:50:42 PM (21 months ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
2893cbb, fe41dec
Parents:
f554ca3
Message:

NTCP2: Fix double-free of buffers after msg3 p2 fails
Fix sending termination after msg3 p2 fails

Location:
router/java/src/net/i2p/router
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • router/java/src/net/i2p/router/RouterVersion.java

    rf554ca3 r18e24ed  
    1919    public final static String ID = "Monotone";
    2020    public final static String VERSION = CoreVersion.VERSION;
    21     public final static long BUILD = 16;
     21    public final static long BUILD = 17;
    2222
    2323    /** for example "-test" */
  • router/java/src/net/i2p/router/transport/ntcp/InboundEstablishState.java

    rf554ca3 r18e24ed  
    5757    /** how long we expect _sz_aliceIdent_tsA_padding_aliceSig to be when its full */
    5858    private int _sz_aliceIdent_tsA_padding_aliceSigSize;
     59
     60    private boolean _released;
    5961
    6062    //// NTCP2 things
     
    519521            if(ip != null)
    520522               _context.blocklist().add(ip);
    521             fail("Peer is banlisted forever: " + aliceHash);
     523            if (getVersion() < 2)
     524                fail("Peer is banlisted forever: " + aliceHash);
     525            else if (_log.shouldWarn())
     526                _log.warn("Peer is banlisted forever: " + aliceHash);
    522527            _msg3p2FailReason = NTCPConnection.REASON_BANNED;
    523528            return false;
     
    545550                                               _x("Excessive clock skew: {0}"));
    546551            _transport.setLastBadSkew(_peerSkew);
    547             fail("Clocks too skewed (" + diff + " ms)", null, true);
     552            if (getVersion() < 2)
     553                fail("Clocks too skewed (" + diff + " ms)", null, true);
     554            else if (_log.shouldWarn())
     555                _log.warn("Clocks too skewed (" + diff + " ms)");
    548556            _msg3p2FailReason = NTCPConnection.REASON_SKEW;
    549557            return false;
     
    785793                NTCP2Payload.processPayload(_context, this, payload, 0, _msg3p2len - MAC_SIZE, true);
    786794            } catch (IOException ioe) {
    787                 fail("Bad msg 3 payload", ioe);
     795                if (_log.shouldWarn())
     796                    _log.warn("Bad msg 3 payload", ioe);
    788797                // probably payload frame/block problems
    789798                // setDataPhase() will send termination
     
    791800                    _msg3p2FailReason = NTCPConnection.REASON_FRAMING;
    792801            } catch (DataFormatException dfe) {
    793                 fail("Bad msg 3 payload", dfe);
     802                if (_log.shouldWarn())
     803                    _log.warn("Bad msg 3 payload", dfe);
    794804                // probably RI problems
    795805                // setDataPhase() will send termination
     
    799809            } catch (I2NPMessageException ime) {
    800810                // shouldn't happen, no I2NP msgs in msg3p2
    801                 fail("Bad msg 3 payload", ime);
     811                if (_log.shouldWarn())
     812                    _log.warn("Bad msg 3 payload", ime);
    802813                // setDataPhase() will send termination
    803814                if (_msg3p2FailReason < 0)
     
    859870
    860871    /**
    861      *  KDF for NTCP2 data phase,
    862      *  then calls con.finishInboundEstablishment(),
    863      *  passing over the final keys and states to the con.
    864      *
    865      *  This changes the state to VERIFIED.
     872     *  KDF for NTCP2 data phase.
     873     *
     874     *  If _msg3p2FailReason is less than zero,
     875     *  this calls con.finishInboundEstablishment(),
     876     *  passing over the final keys and states to the con,
     877     *  and changes the state to VERIFIED.
     878     *
     879     *  Otherwise, it calls con.failInboundEstablishment(),
     880     *  which will send a termination message,
     881     *  and changes the state to CORRUPT.
     882     *
     883     *  If you don't call this, call fail().
    866884     *
    867885     *  @param buf possibly containing "extra" data for data phase
     
    886904                _log.warn("Failed msg3p2, code " + _msg3p2FailReason + " for " + this);
    887905            _con.failInboundEstablishment(sender, sip_ba, _msg3p2FailReason);
     906            changeState(State.CORRUPT);
    888907        } else {
    889908            if (_log.shouldDebug()) {
     
    10321051    @Override
    10331052    protected void releaseBufs(boolean isVerified) {
     1053        if (_released)
     1054            return;
     1055        _released = true;
    10341056        super.releaseBufs(isVerified);
    10351057        // Do not release _curEncrypted if verified, it is passed to
Note: See TracChangeset for help on using the changeset viewer.