fix: Don't allow onion paths to be built from real friends. #2287

Merged
merged 1 commit into from
Apr 11, 2022
2 changes: 1 addition & 1 deletion other/bootstrap_daemon/docker/tox-bootstrapd.sha256
@@ -1 +1 @@
a12aa241a079e5f014a6689e48905a5a32c2fd455676cad431773908bda9245c /usr/local/bin/tox-bootstrapd
f20ba5a6917e5faee9a2a6439b448d3ced7cd177ba666ff1804882f494ea7b90 /usr/local/bin/tox-bootstrapd
13 changes: 9 additions & 4 deletions toxcore/DHT.c
Expand Up @@ -2589,6 +2589,9 @@ static uint16_t list_nodes(const Random *rng, const Client_data *list, size_t le
}

/** @brief Put up to max_num nodes in nodes from the random friends.
*
* Important: this function relies on the first two DHT friends *not* being real
* friends to avoid leaking information about real friends into the onion paths.
*
* @return the number of nodes.
*/
Expand All @@ -2598,12 +2601,14 @@ uint16_t randfriends_nodes(const DHT *dht, Node_format *nodes, uint16_t max_num)
return 0;
}

assert(dht->num_friends >= DHT_FAKE_FRIEND_NUMBER);
const uint32_t r = random_range_u32(dht->rng, dht->num_friends - DHT_FAKE_FRIEND_NUMBER);
uint16_t count = 0;
const uint32_t r = random_u32(dht->rng);

for (uint32_t i = 0; i < DHT_FAKE_FRIEND_NUMBER && i < dht->num_friends; ++i) {
count += list_nodes(dht->rng, dht->friends_list[r + i].client_list,
assert(DHT_FAKE_FRIEND_NUMBER <= dht->num_friends);

// Only gather nodes from the initial 2 fake friends.
for (uint32_t i = 0; i < DHT_FAKE_FRIEND_NUMBER; ++i) {
count += list_nodes(dht->rng, dht->friends_list[(i + r) % DHT_FAKE_FRIEND_NUMBER].client_list,
MAX_FRIEND_CLIENTS, dht->cur_time,
nodes + count, max_num - count);

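Review bot: In randfriends_nodes() the new loop is bounded only by `i < DHT_FAKE_FRIEND_NUMBER`, and the only thing still tying that to the size of friends_list is `assert(DHT_FAKE_FRIEND_NUMBER <= dht->num_friends)`. The removed loop carried `i < dht->num_friends` as a runtime bound; with the assert compiled out (NDEBUG), a DHT holding fewer than DHT_FAKE_FRIEND_NUMBER friends would index past the end of friends_list here. Since this function is the guard against real friends leaking into onion paths, consider a runtime check that returns 0 when `dht->num_friends < DHT_FAKE_FRIEND_NUMBER` alongside the assert. Smaller point: the inline comment says "initial 2 fake friends" while the loop uses DHT_FAKE_FRIEND_NUMBER, so the comment goes stale if the constant changes.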
3 changes: 3 additions & 0 deletions toxcore/DHT.h
Expand Up @@ -410,6 +410,9 @@ int get_close_nodes(const DHT *dht, const uint8_t *public_key, Node_format *node


/** @brief Put up to max_num nodes in nodes from the random friends.
*
* Important: this function relies on the first two DHT friends *not* being real
* friends to avoid leaking information about real friends into the onion paths.
*
* @return the number of nodes.
*/
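Review bot: The "Important:" paragraph added to the randfriends_nodes() doc comment in DHT.h states the precondition ("the first two DHT friends *not* being real friends") but not who establishes it, and it hardcodes "two" instead of naming DHT_FAKE_FRIEND_NUMBER. As this is the header callers read, it would help to say where those fake friends are created and that they must stay at the front of friends_list, so a later change to friend ordering or removal does not silently break the privacy guarantee. The same three lines are duplicated verbatim in DHT.c; keeping the contract in one place avoids the two copies drifting apart.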