void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-07 13:03:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

prevented minor attack

Browse source
This commit is contained in:
mamoniot 2022-12-28 05:53:18 -05:00
parent 87b40cd1a0
commit c90faab4c0
2 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
zssp/src/counter.rs
View file

@ -64,6 +64,11 @@ impl CounterWindow {
self.0[i].store(0, Ordering::SeqCst) self.0[i].store(0, Ordering::SeqCst)
} }
} }
pub fn invalidate(&self) {
for i in 0..COUNTER_MAX_ALLOWED_OOO {
self.0[i].store(u32::MAX, Ordering::SeqCst)
}
}
#[inline(always)] #[inline(always)]
pub fn message_received(&self, received_counter_value: u32) -> bool { pub fn message_received(&self, received_counter_value: u32) -> bool {
@ -75,7 +80,7 @@ impl CounterWindow {
#[inline(always)] #[inline(always)]
pub fn message_authenticated(&self, received_counter_value: u32) -> bool { pub fn message_authenticated(&self, received_counter_value: u32) -> bool {
//if a valid message is received but one of its fragments was lost, it can technically be replayed. However since the message is incomplete, we know it still exists in the gather array, so the gather array will deduplicate the replayed message. Even if the gather array gets flushed, that flush still effectively deduplicates the replayed message. //if a valid message is received but one of its fragments was lost, it can technically be replayed. However since the message is incomplete, we know it still exists in the gather array, so the gather array will deduplicate the replayed message. Even if the gather array gets flushed, that flush still effectively deduplicates the replayed message.
//eventually the counter of that kind of message will be too OOO to be accepted anymore so it can't be used to DOS. //eventually the counter of that kind of message will be too OOO to be accepted anymore so it can't be used to DOS.
let idx = (received_counter_value % COUNTER_MAX_ALLOWED_OOO as u32) as usize; let idx = (received_counter_value % COUNTER_MAX_ALLOWED_OOO as u32) as usize;
return self.0[idx].fetch_max(received_counter_value, Ordering::SeqCst) < received_counter_value; return self.0[idx].fetch_max(received_counter_value, Ordering::SeqCst) < received_counter_value;

2
zssp/src/zssp.rs
View file

@ -416,6 +416,8 @@ impl<Application: ApplicationLayer> Session<Application> {
.map_or(true, |o| (current_time - o.creation_time) > Application::REKEY_RATE_LIMIT_MS) .map_or(true, |o| (current_time - o.creation_time) > Application::REKEY_RATE_LIMIT_MS)
{ {
if let Some(remote_s_public) = P384PublicKey::from_bytes(&self.remote_s_public_p384_bytes) { if let Some(remote_s_public) = P384PublicKey::from_bytes(&self.remote_s_public_p384_bytes) {
//mark the previous key as no longer being supported because it is about to be overwritten
self.receive_windows[(!current_key_id) as usize].invalidate();
let mut offer = None; let mut offer = None;
if send_ephemeral_offer( if send_ephemeral_offer(
&mut send, &mut send,