AlphaX/qortal
1
0
Fork 0
forked from Qortal/qortal
Code Issues Pull Requests Projects Releases Wiki Activity

Validate peer addresses before saving anything to the db.

Browse Source
This commit is contained in:
CalDescent 2022-01-01 22:33:01 +00:00
parent 391fa008d0
commit fbe34015d4
4 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/org/qortal/controller/arbitrary/ArbitraryDataFileManager.java
View File

@ -137,6 +137,9 @@ public class ArbitraryDataFileManager {
LOGGER.debug("Adding arbitrary peer: {} for signature {}", peerAddress, Base58.encode(signature)); LOGGER.debug("Adding arbitrary peer: {} for signature {}", peerAddress, Base58.encode(signature));
ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer); ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer);
repository.discardChanges(); repository.discardChanges();
if (!arbitraryPeerData.isPeerAddressValid()) {
return false;
}
repository.getArbitraryRepository().save(arbitraryPeerData); repository.getArbitraryRepository().save(arbitraryPeerData);
repository.saveChanges(); repository.saveChanges();

6
src/main/java/org/qortal/controller/arbitrary/ArbitraryDataManager.java
View File

@ -396,7 +396,11 @@ public class ArbitraryDataManager extends Thread {
// We haven't got a record of this mapping yet, so add it // We haven't got a record of this mapping yet, so add it
LOGGER.debug("Adding arbitrary peer: {} for signature {}", peerAddress, Base58.encode(signature)); LOGGER.debug("Adding arbitrary peer: {} for signature {}", peerAddress, Base58.encode(signature));
ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer); ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer);
repository.getArbitraryRepository().save(arbitraryPeerData); repository.discardChanges();
if (!arbitraryPeerData.isPeerAddressValid()) {
return;
}
repository.getArbitraryRepository().save(arbitraryPeerData);
repository.saveChanges(); repository.saveChanges();
// Remember that this data is new, so that it can be rebroadcast later // Remember that this data is new, so that it can be rebroadcast later

23
src/main/java/org/qortal/data/network/ArbitraryPeerData.java
View File

@ -1,5 +1,6 @@
package org.qortal.data.network; package org.qortal.data.network;
import com.google.common.net.InetAddresses;
import org.qortal.crypto.Crypto; import org.qortal.crypto.Crypto;
import org.qortal.network.Peer; import org.qortal.network.Peer;
import org.qortal.utils.NTP; import org.qortal.utils.NTP;
@ -28,6 +29,28 @@ public class ArbitraryPeerData {
0, 0, 0L, 0L); 0, 0, 0L, 0L);
} }
public boolean isPeerAddressValid() {
// Validate the peer address to prevent arbitrary values being added to the db
String[] parts = this.peerAddress.split(":");
if (parts.length != 2) {
// Invalid format
return false;
}
String host = parts[0];
if (!InetAddresses.isInetAddress(host)) {
// Invalid host
return false;
}
int port = Integer.valueOf(parts[1]);
if (port <= 0 || port > 65535) {
// Invalid port
return false;
}
// Valid host/port combination
return true;
}
public void incrementSuccesses() { public void incrementSuccesses() {
this.successes++; this.successes++;
} }

4
src/test/java/org/qortal/test/arbitrary/ArbitraryPeerTests.java
View File

@ -41,6 +41,7 @@ public class ArbitraryPeerTests extends Common {
// Now add this mapping to the db // Now add this mapping to the db
Peer peer = new Peer(new PeerData(PeerAddress.fromString(peerAddress))); Peer peer = new Peer(new PeerData(PeerAddress.fromString(peerAddress)));
ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer); ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer);
assertTrue(arbitraryPeerData.isPeerAddressValid());
repository.getArbitraryRepository().save(arbitraryPeerData); repository.getArbitraryRepository().save(arbitraryPeerData);
// We should now have an entry for this hash/peer combination // We should now have an entry for this hash/peer combination
@ -72,6 +73,7 @@ public class ArbitraryPeerTests extends Common {
// Now add this mapping to the db // Now add this mapping to the db
Peer peer = new Peer(new PeerData(PeerAddress.fromString(peerAddress))); Peer peer = new Peer(new PeerData(PeerAddress.fromString(peerAddress)));
ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer); ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer);
assertTrue(arbitraryPeerData.isPeerAddressValid());
repository.getArbitraryRepository().save(arbitraryPeerData); repository.getArbitraryRepository().save(arbitraryPeerData);
// We should now have an entry for this hash/peer combination // We should now have an entry for this hash/peer combination
@ -95,6 +97,7 @@ public class ArbitraryPeerTests extends Common {
retrievedArbitraryPeerData.markAsAttempted(); retrievedArbitraryPeerData.markAsAttempted();
Thread.sleep(100); Thread.sleep(100);
retrievedArbitraryPeerData.markAsRetrieved(); retrievedArbitraryPeerData.markAsRetrieved();
assertTrue(arbitraryPeerData.isPeerAddressValid());
repository.getArbitraryRepository().save(retrievedArbitraryPeerData); repository.getArbitraryRepository().save(retrievedArbitraryPeerData);
// Retrieve data once again // Retrieve data once again
@ -135,6 +138,7 @@ public class ArbitraryPeerTests extends Common {
// Now add this mapping to the db // Now add this mapping to the db
Peer peer = new Peer(new PeerData(PeerAddress.fromString(peerAddress1))); Peer peer = new Peer(new PeerData(PeerAddress.fromString(peerAddress1)));
ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer); ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer);
assertTrue(arbitraryPeerData.isPeerAddressValid());
repository.getArbitraryRepository().save(arbitraryPeerData); repository.getArbitraryRepository().save(arbitraryPeerData);
// We should now have an entry for this hash/peer combination // We should now have an entry for this hash/peer combination