diff options
author | Nick Mathewson <nickm@torproject.org> | 2009-03-19 12:03:04 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2009-03-19 12:03:04 -0400 |
commit | 714d37da91c34db5911e413d53ab544f7ef5a9a3 (patch) | |
tree | 909b113215e49b8f4cb15872af76ad85a0a15a1d | |
parent | ce33821211c05735024617853aa3d0a31e63ef59 (diff) |
Add lengths to the timestamp file.
This might break old clients, but AFAICT there are no clients running versions
prior to 15 Dec. It's necessary to avoid some DOS attacks.
-rw-r--r-- | TODO | 2 | ||||
-rw-r--r-- | lib/thandy/ServerCLI.py | 14 | ||||
-rw-r--r-- | lib/thandy/formats.py | 13 |
3 files changed, 17 insertions, 12 deletions
@@ -33,7 +33,7 @@ o Decouple install from check: they are not necessarily related. believable value to make sure we don't download too much o Include lengths in generated packages and bundles . Specify use of length field. - - Once everybody has been wanted to update their clients, include + o Once everybody has been wanted to update their clients, include lengths in timestamp files. - Make lengths mandatory - Maybe make lengths enforced for purposes other than a maximum diff --git a/lib/thandy/ServerCLI.py b/lib/thandy/ServerCLI.py index d9c0f04..9212846 100644 --- a/lib/thandy/ServerCLI.py +++ b/lib/thandy/ServerCLI.py @@ -24,7 +24,8 @@ def snarf(fname): def snarfObj(fname): f = open(fname, 'r') try: - return json.load(f) + length = os.fstat(f.fileno()).st_size + return json.load(f), length finally: f.close() @@ -127,12 +128,12 @@ def timestamp(args): tsFname = os.path.join(repo, "meta/timestamp.txt") try: - mObj = snarfObj(os.path.join(repo, "meta/mirrors.txt")) + mObj, mLen = snarfObj(os.path.join(repo, "meta/mirrors.txt")) except OSError: print "No mirror list!" sys.exit(1) try: - kObj = snarfObj(os.path.join(repo, "meta/keys.txt")) + kObj, kLen = snarfObj(os.path.join(repo, "meta/keys.txt")) except OSError: print "No key list!" sys.exit(1) @@ -142,7 +143,7 @@ def timestamp(args): for fn in fns: fn = os.path.join(dirpath, fn) try: - bObj = snarfObj(fn) + bObj, bLen = snarfObj(fn) except (ValueError, OSError, IOError), e: print "(Couldn't read bundle-like %s: %s)"%(fn, e) continue @@ -154,10 +155,11 @@ def timestamp(args): if r != "bundle": print "%s was not a good bundle"%fn continue - bundles.append(bObj['signed']) + bundles.append((bObj['signed'], bLen)) timestamp = thandy.formats.makeTimestampObj( - mObj['signed'], kObj['signed'], bundles) + mObj['signed'], mLen, kObj['signed'], kLen, + bundles) signable = thandy.formats.makeSignable(timestamp) keydb = thandy.formats.Keylist() diff --git a/lib/thandy/formats.py b/lib/thandy/formats.py index b82bf05..5429d5c 100644 --- a/lib/thandy/formats.py +++ b/lib/thandy/formats.py @@ -794,19 +794,22 @@ def getBundleKey(bundlePath): idx = bundlePath.rindex("/") return bundlePath[:idx+1] -def makeTimestampObj(mirrorlist_obj, keylist_obj, +def makeTimestampObj(mirrorlist_obj, mirrorlist_len, + keylist_obj, keylist_len, bundle_objs): result = { '_type' : 'Timestamp', 'at' : formatTime(time.time()) } result['m'] = [ mirrorlist_obj['ts'], - formatHash(getDigest(mirrorlist_obj)) ] + formatHash(getDigest(mirrorlist_obj)), + mirrorlist_len ] result['k'] = [ keylist_obj['ts'], - formatHash(getDigest(keylist_obj)) ] + formatHash(getDigest(keylist_obj)), + keylist_len ] result['b'] = bundles = {} - for bundle in bundle_objs: + for bundle, bundleLen in bundle_objs: k = getBundleKey(bundle['location']) v = bundle['version'] - entry = [ v, bundle['location'], bundle['at'], formatHash(getDigest(bundle)) ] + entry = [ v, bundle['location'], bundle['at'], formatHash(getDigest(bundle)), bundleLen ] if not bundles.has_key(k) or versionIsNewer(v, bundles[k][0]): bundles[k] = entry |