From 4f5496062c3a52b0d353a728293b3efd705bc42b Mon Sep 17 00:00:00 2001 From: orbiter Date: Tue, 12 Jun 2007 22:08:33 +0000 Subject: [PATCH] protection against too large seeds git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@3877 6c8d7289-2bf4-0310-a012-ef5d649a1542 --- htroot/yacy/hello.java | 4 ++++ source/de/anomic/yacy/yacyClient.java | 21 +++++++++++++++------ source/de/anomic/yacy/yacySeed.java | 1 + 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/htroot/yacy/hello.java b/htroot/yacy/hello.java index bac608064..416df6992 100644 --- a/htroot/yacy/hello.java +++ b/htroot/yacy/hello.java @@ -79,6 +79,10 @@ public final class hello { int count = 0; try {count = (countStr == null) ? 0 : Integer.parseInt(countStr);} catch (NumberFormatException e) {count = 0;} // final Date remoteTime = yacyCore.parseUniversalDate((String) post.get(MYTIME)); // read remote time + if (seed.length() > yacySeed.maxsize) { + yacyCore.log.logInfo("hello/server: rejected contacting seed; too large (" + seed.length() + " > " + yacySeed.maxsize + ")"); + return null; + } final yacySeed remoteSeed = yacySeed.genRemoteSeed(seed, key, false); // System.out.println("YACYHELLO: REMOTESEED=" + ((remoteSeed == null) ? "NULL" : remoteSeed.toString())); diff --git a/source/de/anomic/yacy/yacyClient.java b/source/de/anomic/yacy/yacyClient.java index c60f629b8..9301aba03 100644 --- a/source/de/anomic/yacy/yacyClient.java +++ b/source/de/anomic/yacy/yacyClient.java @@ -157,12 +157,17 @@ public final class yacyClient { yacySeed otherPeer = null; float otherPeerVersion = 0; if (otherHash != null && otherHash.length() > 0) { - otherPeer = yacySeed.genRemoteSeed((String) result.get("seed0"), key, true); - if (otherPeer == null || !otherPeer.hash.equals(otherHash)) { - yacyCore.log.logFine("yacyClient.publishMySeed: consistency error: other peer '" + ((otherPeer==null)?"unknown":otherPeer.getName()) + "' wrong"); - return -1; // no success + String seed = (String) result.get("seed0"); + if (seed.length() > yacySeed.maxsize) { + yacyCore.log.logInfo("hello/client 0: rejected contacting seed; too large (" + seed.length() + " > " + yacySeed.maxsize + ")"); + } else { + otherPeer = yacySeed.genRemoteSeed(seed, key, true); + if (otherPeer == null || !otherPeer.hash.equals(otherHash)) { + yacyCore.log.logFine("yacyClient.publishMySeed: consistency error: other peer '" + ((otherPeer==null)?"unknown":otherPeer.getName()) + "' wrong"); + return -1; // no success + } + otherPeerVersion = otherPeer.getVersion(); } - otherPeerVersion = otherPeer.getVersion(); } // set my own seed according to new information @@ -239,7 +244,11 @@ public final class yacyClient { while ((seedStr = (String) result.get("seed" + i++)) != null) { // integrate new seed into own database // the first seed, "seed0" is the seed of the responding peer - if (yacyCore.peerActions.peerArrival(yacySeed.genRemoteSeed(seedStr, key, true), (i == 1))) count++; + if (seedStr.length() > yacySeed.maxsize) { + yacyCore.log.logInfo("hello/client: rejected contacting seed; too large (" + seedStr.length() + " > " + yacySeed.maxsize + ")"); + } else { + if (yacyCore.peerActions.peerArrival(yacySeed.genRemoteSeed(seedStr, key, true), (i == 1))) count++; + } } return count; } diff --git a/source/de/anomic/yacy/yacySeed.java b/source/de/anomic/yacy/yacySeed.java index 68b635d4c..2c24e27f8 100644 --- a/source/de/anomic/yacy/yacySeed.java +++ b/source/de/anomic/yacy/yacySeed.java @@ -85,6 +85,7 @@ import de.anomic.tools.crypt; public class yacySeed { + public static final int maxsize = 2048; /** * substance "sI" (send index/words) */