[Pkg-privacy-commits] [onionbalance] 11/117: Check to not accept old descriptors from HSDirs
Donncha O'Cearbahill
donncha-guest at moszumanska.debian.org
Wed Dec 16 23:18:41 UTC 2015
This is an automated email from the git hooks/post-receive script.
donncha-guest pushed a commit to branch debian/sid
in repository onionbalance.
commit f90ccbc3b84569dc50d15e50dd65397937646de0
Author: Donncha O'Cearbhaill <donncha at donncha.is>
Date: Wed Jun 3 15:27:04 2015 +0100
Check to not accept old descriptors from HSDirs
---
onion-balance/hiddenservice.py | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/onion-balance/hiddenservice.py b/onion-balance/hiddenservice.py
index b8469bf..10cc437 100644
--- a/onion-balance/hiddenservice.py
+++ b/onion-balance/hiddenservice.py
@@ -229,6 +229,7 @@ class Instance(object):
self.introduction_points = []
self.last_fetched = None
+ self.last_descriptor_timestamp = None
self.changed_since_published = False
def fetch_descriptor(self):
@@ -266,6 +267,18 @@ class Instance(object):
(descriptor_onion_address, self.onion_address))
return None
+ # Reject descriptor if it timestamp is older than the latest
+ # descriptor. Prevents HSDir's replaying old, expired descriptors
+ if (self.last_descriptor_timestamp and
+ parsed_descriptor.published < self.last_descriptor_timestamp):
+ logger.error("Received descriptor for instance (%s) with "
+ "publication timestamp older than the last received "
+ "descriptor. Skipping descriptor." %
+ self.onion_address)
+ return
+ else:
+ self.last_descriptor_timestamp = parsed_descriptor.published
+
# Parse the introduction point list, decrypting if necessary
introduction_points = parsed_descriptor.introduction_points(
authentication_cookie=self.authentication_cookie)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/onionbalance.git
More information about the Pkg-privacy-commits
mailing list