crowetic/qortal
1
0
Fork 0
forked from Qortal/qortal
Code Pull Requests Activity

Added range-check on online account timestamps

Browse Source
This commit is contained in:
catbref 2019-11-06 10:11:10 +00:00
parent 00aee1458e
commit f5918bd9bf
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/main/java/org/qora/controller/Controller.java
View File

@ -1249,11 +1249,20 @@ public class Controller extends Thread {
// Utilities
private void verifyAndAddAccount(OnlineAccountData onlineAccountData) {
// We would check timestamp is 'recent' here
PublicKeyAccount otherAccount = new PublicKeyAccount(null, onlineAccountData.getPublicKey());
final Long now = NTP.getTime();
if (now == null)
return;
// Check timestamp is 'recent' here
if (Math.abs(onlineAccountData.getTimestamp() - now) > ONLINE_TIMESTAMP_MODULUS * 2) {
LOGGER.trace(() -> String.format("Rejecting online account %s with out of range timestamp %d", otherAccount.getAddress(), onlineAccountData.getTimestamp()));
return;
}
// Verify
byte[] data = Longs.toByteArray(onlineAccountData.getTimestamp());
PublicKeyAccount otherAccount = new PublicKeyAccount(null, onlineAccountData.getPublicKey());
if (!otherAccount.verify(onlineAccountData.getSignature(), data)) {
LOGGER.trace(() -> String.format("Rejecting invalid online account %s", otherAccount.getAddress()));
return;

2
src/main/java/org/qora/controller/Synchronizer.java
View File

@ -11,10 +11,8 @@ import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.qora.account.Account;
import org.qora.account.PublicKeyAccount;
import org.qora.block.Block;
import org.qora.block.Block.ValidationResult;
import org.qora.data.account.RewardShareData;
import org.qora.data.block.BlockData;
import org.qora.data.block.BlockSummaryData;
import org.qora.data.network.PeerChainTipData;