forked from Qortal/qortal
Validate peer addresses before saving anything to the db.
This commit is contained in:
CalDescent
parent
391fa008d0
commit
fbe34015d4
@ -137,6 +137,9 @@ public class ArbitraryDataFileManager {
|
||||
LOGGER.debug("Adding arbitrary peer: {} for signature {}", peerAddress, Base58.encode(signature));
|
||||
ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer);
|
||||
repository.discardChanges();
|
||||
if (!arbitraryPeerData.isPeerAddressValid()) {
|
||||
return false;
|
||||
}
|
||||
repository.getArbitraryRepository().save(arbitraryPeerData);
|
||||
repository.saveChanges();
|
||||
|
||||
|
||||
@ -396,6 +396,10 @@ public class ArbitraryDataManager extends Thread {
|
||||
// We haven't got a record of this mapping yet, so add it
|
||||
LOGGER.debug("Adding arbitrary peer: {} for signature {}", peerAddress, Base58.encode(signature));
|
||||
ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer);
|
||||
repository.discardChanges();
|
||||
if (!arbitraryPeerData.isPeerAddressValid()) {
|
||||
return;
|
||||
}
|
||||
repository.getArbitraryRepository().save(arbitraryPeerData);
|
||||
repository.saveChanges();
|
||||
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
package org.qortal.data.network;
|
||||
|
||||
import com.google.common.net.InetAddresses;
|
||||
import org.qortal.crypto.Crypto;
|
||||
import org.qortal.network.Peer;
|
||||
import org.qortal.utils.NTP;
|
||||
@ -28,6 +29,28 @@ public class ArbitraryPeerData {
|
||||
0, 0, 0L, 0L);
|
||||
}
|
||||
|
||||
public boolean isPeerAddressValid() {
|
||||
// Validate the peer address to prevent arbitrary values being added to the db
|
||||
String[] parts = this.peerAddress.split(":");
|
||||
if (parts.length != 2) {
|
||||
// Invalid format
|
||||
return false;
|
||||
}
|
||||
String host = parts[0];
|
||||
if (!InetAddresses.isInetAddress(host)) {
|
||||
// Invalid host
|
||||
return false;
|
||||
}
|
||||
int port = Integer.valueOf(parts[1]);
|
||||
if (port <= 0 || port > 65535) {
|
||||
// Invalid port
|
||||
return false;
|
||||
}
|
||||
|
||||
// Valid host/port combination
|
||||
return true;
|
||||
}
|
||||
|
||||
public void incrementSuccesses() {
|
||||
this.successes++;
|
||||
}
|
||||
|
||||
@ -41,6 +41,7 @@ public class ArbitraryPeerTests extends Common {
|
||||
// Now add this mapping to the db
|
||||
Peer peer = new Peer(new PeerData(PeerAddress.fromString(peerAddress)));
|
||||
ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer);
|
||||
assertTrue(arbitraryPeerData.isPeerAddressValid());
|
||||
repository.getArbitraryRepository().save(arbitraryPeerData);
|
||||
|
||||
// We should now have an entry for this hash/peer combination
|
||||
@ -72,6 +73,7 @@ public class ArbitraryPeerTests extends Common {
|
||||
// Now add this mapping to the db
|
||||
Peer peer = new Peer(new PeerData(PeerAddress.fromString(peerAddress)));
|
||||
ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer);
|
||||
assertTrue(arbitraryPeerData.isPeerAddressValid());
|
||||
repository.getArbitraryRepository().save(arbitraryPeerData);
|
||||
|
||||
// We should now have an entry for this hash/peer combination
|
||||
@ -95,6 +97,7 @@ public class ArbitraryPeerTests extends Common {
|
||||
retrievedArbitraryPeerData.markAsAttempted();
|
||||
Thread.sleep(100);
|
||||
retrievedArbitraryPeerData.markAsRetrieved();
|
||||
assertTrue(arbitraryPeerData.isPeerAddressValid());
|
||||
repository.getArbitraryRepository().save(retrievedArbitraryPeerData);
|
||||
|
||||
// Retrieve data once again
|
||||
@ -135,6 +138,7 @@ public class ArbitraryPeerTests extends Common {
|
||||
// Now add this mapping to the db
|
||||
Peer peer = new Peer(new PeerData(PeerAddress.fromString(peerAddress1)));
|
||||
ArbitraryPeerData arbitraryPeerData = new ArbitraryPeerData(signature, peer);
|
||||
assertTrue(arbitraryPeerData.isPeerAddressValid());
|
||||
repository.getArbitraryRepository().save(arbitraryPeerData);
|
||||
|
||||
// We should now have an entry for this hash/peer combination
|
||||
|
||||
Loading…
Reference in New Issue
Block a user