From 1ce65fca8a800fe61e5ff8c73bd7362dd1c79c43 Mon Sep 17 00:00:00 2001
From: Lee Miller
Date: Mon, 4 Sep 2023 05:07:56 +0300
Subject: [PATCH] Invalidate the version message with a large time offset
---
 minode/message.py | 7 +++++--
 minode/tests/test_message.py | 9 +++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/minode/message.py b/minode/message.py
index eee5e3f..ee01ea8 100644
--- a/minode/message.py
+++ b/minode/message.py
@@ -145,10 +145,13 @@ class Version():
 def from_message(cls, m):
 payload = m.payload
- ( # unused: timestamp, net_addr_local
- protocol_version, services, _, net_addr_remote, _, nonce
+ ( # unused: net_addr_local
+ protocol_version, services, timestamp, net_addr_remote, _, nonce
 ) = struct.unpack('>IQQ26s26s8s', payload[:80])
+ if abs(time.time() - timestamp) > 3600:
+ raise ValueError('remote time offset is too large')
+
 net_addr_remote = structure.NetAddrNoPrefix.from_bytes(net_addr_remote)
 host = net_addr_remote.host
diff --git a/minode/tests/test_message.py b/minode/tests/test_message.py
index 1a6c089..7c0511e 100644
--- a/minode/tests/test_message.py
+++ b/minode/tests/test_message.py
@@ -1,4 +1,6 @@
 """Tests for messages"""
+import struct
+import time
 import unittest
 from binascii import unhexlify
@@ -75,6 +77,13 @@ class TestMessage(unittest.TestCase):
 """Test version message"""
 msg = message.Message.from_bytes(sample_version_msg)
 self.assertEqual(msg.command, b'version')
+ with self.assertRaises(ValueError):
+ # large time offset
+ version_packet = message.Version.from_message(msg)
+ msg.payload = (
+ msg.payload[:12] + struct.pack('>Q', int(time.time()))
+ + msg.payload[20:])
+
 version_packet = message.Version.from_message(msg)
 self.assertEqual(version_packet.host, '127.0.0.1')
 self.assertEqual(version_packet.port, 8444)
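Review bot: The new check in `from_message` raises `ValueError` on a field the remote peer controls, so every caller that parses a version message off the network has to catch it and close the connection cleanly; those call sites are outside this hunk and should be confirmed. The limit is a bare `3600` and the error text omits the measured offset, so a skewed local clock (which would reject every peer) is hard to tell apart from a single bad peer in the logs. A named module constant plus `offset = time.time() - timestamp` and `raise ValueError('remote time offset is too large: %d s' % offset)` would make both visible. The hunk adds no `import time` to `minode/message.py`, so the module presumably already imports it. `from_message` starts and ends outside the hunk.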
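Review bot: The rejection case only exercises whatever timestamp is baked into `sample_version_msg` (presumably one far in the past), so a peer whose clock is more than an hour ahead is never tested and the `abs()` in the new check has no coverage for that direction. A second `assertRaises(ValueError)` block that patches the same field with `struct.pack('>Q', int(time.time()) + 7200)` would cover it. The slice bounds `12` and `20` are the timestamp field after the `>IQ` prefix of the unpack format, and a one-line comment saying so would save the next reader the arithmetic. The assignment to `version_packet` inside the `with` block is never used and can be a bare call. The test method starts outside the hunk.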