Skip to content

Commit

Permalink
Added Process check to DBSigs to avoid accepting bad signatures. Cach…
Browse files Browse the repository at this point in the history 
…ed the valid result. Return 0 if the height isn't right
  • Loading branch information
@PaulSnow
PaulSnow committed May 4, 2017
1 parent f34ad92 commit f9cd621
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 2 deletions.
15 changes: 13 additions & 2 deletions common/messages/directoryBlockSignature.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,15 @@ func (m *DirectoryBlockSignature) Type() byte {
// 0 -- Cannot tell if message is Valid
// 1 -- Message is valid
func (m *DirectoryBlockSignature) Validate(state interfaces.IState) int {

if m.IsValid() {
return 1
}

if m.DBHeight != state.GetLLeaderHeight() {
return 0
}

if m.DBHeight < state.GetHighestSavedBlk() {
state.AddStatus(fmt.Sprintf("DirectoryBlockSignature: Fail dbstate ht: %v < dbht: %v %s", m.DBHeight, state.GetHighestSavedBlk(), m.String()))
return -1
Expand All @@ -135,6 +144,7 @@ func (m *DirectoryBlockSignature) Validate(state interfaces.IState) int {
}

if m.IsLocal() {
m.SetValid()
return 1
}

Expand All @@ -144,17 +154,18 @@ func (m *DirectoryBlockSignature) Validate(state interfaces.IState) int {
// if there is an error during signature verification
// or if the signature is invalid
// the message is considered invalid
return 0
return -1
}

marshalledMsg, _ := m.MarshalForSignature()
authorityLevel, err := state.VerifyAuthoritySignature(marshalledMsg, m.Signature.GetSignature(), m.DBHeight)
if err != nil || authorityLevel < 1 {
//This authority is not a Fed Server (it's either an Audit or not an Authority at all)
state.AddStatus(fmt.Sprintf("DirectoryBlockSignature: Fail to Verify Sig (not from a Fed Server) dbht: %v %s", state.GetLLeaderHeight(), m.String()))
return 0
return -1
}

m.SetValid()
return 1
}

Expand Down
7 changes: 7 additions & 0 deletions state/stateConsensus.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1406,6 +1406,13 @@ func (s *State) ProcessDBSig(dbheight uint32, msg interfaces.IMsg) bool {
pl := s.ProcessLists.Get(dbheight)
vm := s.ProcessLists.Get(dbheight).VMs[msg.GetVMIndex()]

// If the DBSig doesn't validate, we are done. Toss it, and return.
if msg.Validate(s) != 1 {
vm.List[0] = nil
vm.ListAck[0] = nil
return false
}

if uint32(pl.System.Height) >= dbs.SysHeight {
s.DBSigSys = true
}
Expand Down

0 comments on commit f9cd621

Please sign in to comment.