les: add Skip overflow check to GetBlockHeadersMsg handler (#16891)

pull/16882/head
Felföldi Zsolt 7 years ago committed by Péter Szilágyi
parent 7a22e89080
commit a5237a27ea
  1. 17
      les/handler.go

@ -19,6 +19,7 @@ package les
import ( import (
"encoding/binary" "encoding/binary"
"encoding/json"
"errors" "errors"
"fmt" "fmt"
"math/big" "math/big"
@ -441,7 +442,7 @@ func (pm *ProtocolManager) handleMsg(p *peer) error {
// Advance to the next header of the query // Advance to the next header of the query
switch { switch {
case query.Origin.Hash != (common.Hash{}) && query.Reverse: case hashMode && query.Reverse:
// Hash based traversal towards the genesis block // Hash based traversal towards the genesis block
for i := 0; i < int(query.Skip)+1; i++ { for i := 0; i < int(query.Skip)+1; i++ {
if header := pm.blockchain.GetHeader(query.Origin.Hash, number); header != nil { if header := pm.blockchain.GetHeader(query.Origin.Hash, number); header != nil {
@ -452,9 +453,18 @@ func (pm *ProtocolManager) handleMsg(p *peer) error {
break break
} }
} }
case query.Origin.Hash != (common.Hash{}) && !query.Reverse: case hashMode && !query.Reverse:
// Hash based traversal towards the leaf block // Hash based traversal towards the leaf block
if header := pm.blockchain.GetHeaderByNumber(origin.Number.Uint64() + query.Skip + 1); header != nil { var (
current = origin.Number.Uint64()
next = current + query.Skip + 1
)
if next <= current {
infos, _ := json.MarshalIndent(p.Peer.Info(), "", " ")
p.Log().Warn("GetBlockHeaders skip overflow attack", "current", current, "skip", query.Skip, "next", next, "attacker", infos)
unknown = true
} else {
if header := pm.blockchain.GetHeaderByNumber(next); header != nil {
if pm.blockchain.GetBlockHashesFromHash(header.Hash(), query.Skip+1)[query.Skip] == query.Origin.Hash { if pm.blockchain.GetBlockHashesFromHash(header.Hash(), query.Skip+1)[query.Skip] == query.Origin.Hash {
query.Origin.Hash = header.Hash() query.Origin.Hash = header.Hash()
} else { } else {
@ -463,6 +473,7 @@ func (pm *ProtocolManager) handleMsg(p *peer) error {
} else { } else {
unknown = true unknown = true
} }
}
case query.Reverse: case query.Reverse:
// Number based traversal towards the genesis block // Number based traversal towards the genesis block
if query.Origin.Number >= query.Skip+1 { if query.Origin.Number >= query.Skip+1 {

Loading…
Cancel
Save