From 2ea7b52d185d2910809283745d571a42061937dd Mon Sep 17 00:00:00 2001 From: Jonathan Warren Date: Tue, 2 Apr 2013 16:36:48 -0400 Subject: [PATCH 1/2] move isAckDataValid to its own function --- bitmessagemain.py | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/bitmessagemain.py b/bitmessagemain.py index 4d97bf0d..8b1d9968 100755 --- a/bitmessagemain.py +++ b/bitmessagemain.py @@ -959,20 +959,7 @@ class receiveDataThread(QThread): self.emit(SIGNAL("displayNewSentMessage(PyQt_PyObject,PyQt_PyObject,PyQt_PyObject,PyQt_PyObject,PyQt_PyObject,PyQt_PyObject)"),toAddress,'[Broadcast subscribers]',fromAddress,subject,message,ackdata) workerQueue.put(('sendbroadcast',(fromAddress,subject,message))) - #Now let's consider sending the acknowledgement. We'll need to make sure that our client will properly process the ackData; if the packet is malformed, we could clear out self.data and an attacker could use that behavior to determine that we were capable of decoding this message. - ackDataValidThusFar = True - if len(ackData) < 24: - print 'The length of ackData is unreasonably short. Not sending ackData.' - ackDataValidThusFar = False - elif ackData[0:4] != '\xe9\xbe\xb4\xd9': - print 'Ackdata magic bytes were wrong. Not sending ackData.' - ackDataValidThusFar = False - if ackDataValidThusFar: - ackDataPayloadLength, = unpack('>L',ackData[16:20]) - if len(ackData)-24 != ackDataPayloadLength: - print 'ackData payload length doesn\'t match the payload length specified in the header. Not sending ackdata.' - ackDataValidThusFar = False - if ackDataValidThusFar: + if self.isAckDataValid(ackData): print 'ackData is valid. Will process it.' self.ackDataThatWeHaveYetToSend.append(ackData) #When we have processed all data, the processData function will pop the ackData out and process it as if it is a message received from our peer. #Display timing data @@ -986,6 +973,21 @@ class receiveDataThread(QThread): print 'Average time for all message decryption successes since startup:', sum / len(successfullyDecryptMessageTimings) printLock.release() + def isAckDataValid(self,ackData): + if len(ackData) < 24: + print 'The length of ackData is unreasonably short. Not sending ackData.' + return False + if ackData[0:4] != '\xe9\xbe\xb4\xd9': + print 'Ackdata magic bytes were wrong. Not sending ackData.' + return False + ackDataPayloadLength, = unpack('>L',ackData[16:24]) + if len(ackData)-24 != ackDataPayloadLength: + print 'ackData payload length doesn\'t match the payload length specified in the header. Not sending ackdata.' + return False + if ackData[4:16] != 'getpubkey\x00\x00\x00' and ackData[4:16] != 'pubkey\x00\x00\x00\x00\x00\x00' and ackData[4:16] != 'msg\x00\x00\x00\x00\x00\x00\x00\x00\x00' and ackData[4:16] != 'broadcast\x00\x00\x00' : + return False + return True + def addMailingListNameToSubject(self,subject,mailingListName): subject = subject.strip() if subject[:3] == 'Re:' or subject[:3] == 'RE:': @@ -1159,7 +1161,7 @@ class receiveDataThread(QThread): print 'We have already received this getpubkey request (it is stored on disk in the SQL inventory). Ignoring it.' inventoryLock.release() return - self.objectsOfWhichThisRemoteNodeIsAlreadyAware[inventoryHash] = 0 + objectType = 'getpubkey' inventory[inventoryHash] = (objectType, self.streamNumber, data, embeddedTime) inventoryLock.release() @@ -2091,7 +2093,7 @@ class singleWorker(QThread): sqlSubmitQueue.put((toripe,)) queryreturn = sqlReturnQueue.get() sqlLock.release() - if queryreturn != '': #If we have the pubkey then send the message otherwise put the hash in the neededPubkeys data structure so that we will pay attention to it if it comes over the wire. + if queryreturn != []: #If we have the pubkey then send the message otherwise put the hash in the neededPubkeys data structure so that we will pay attention to it if it comes over the wire. self.sendMsg(toripe) else: neededPubkeys[toripe] = 0 From 10c6934b8ed024e430e605df0027dab65dbb6679 Mon Sep 17 00:00:00 2001 From: Jonathan Warren Date: Tue, 2 Apr 2013 18:00:43 -0400 Subject: [PATCH 2/2] move isAckDataValid to its own function --- bitmessagemain.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/bitmessagemain.py b/bitmessagemain.py index 8b1d9968..92f88e01 100755 --- a/bitmessagemain.py +++ b/bitmessagemain.py @@ -980,7 +980,7 @@ class receiveDataThread(QThread): if ackData[0:4] != '\xe9\xbe\xb4\xd9': print 'Ackdata magic bytes were wrong. Not sending ackData.' return False - ackDataPayloadLength, = unpack('>L',ackData[16:24]) + ackDataPayloadLength, = unpack('>L',ackData[16:20]) if len(ackData)-24 != ackDataPayloadLength: print 'ackData payload length doesn\'t match the payload length specified in the header. Not sending ackdata.' return False @@ -4626,7 +4626,7 @@ class MyForm(QtGui.QMainWindow): printLock.acquire() print 'Closing. Flushing inventory in memory out to disk...' printLock.release() - self.statusBar().showMessage('Flushing inventory in memory out to disk.') + self.statusBar().showMessage('Flushing inventory in memory out to disk. This may take several minutes...') flushInventory() #This one last useless query will guarantee that the previous query committed before we close the program. @@ -4672,7 +4672,6 @@ class MyForm(QtGui.QMainWindow): toAddressAtCurrentInboxRow = str(self.ui.tableWidgetInbox.item(currentInboxRow,0).data(Qt.UserRole).toPyObject()) fromAddressAtCurrentInboxRow = str(self.ui.tableWidgetInbox.item(currentInboxRow,1).data(Qt.UserRole).toPyObject()) - if toAddressAtCurrentInboxRow == '[Broadcast subscribers]': self.ui.labelFrom.setText('') else: