There was a report that by quickly asking a large number of nodes if
they have an ACK object (which the attacker knows but it is injected
into the network by the recipient of the message), it can estimate how
an object propagates through the network, and eventually pinpoint an
originating IP address of the injection, i.e. the IP address of the
message recipient.
This patch mitigates against it by stalling when asked for a nonexisting
object (so that the attacker can't spam requests), and also upon
connection before sending its own inventory list (so that reconnecting
won't help the attacker). It estimates how long a short message takes to
propagate through the network based on how many nodes are in a stream
and bases the stalling time on that. Currently that is about 15 seconds.
Initial connection delay takes into account the time that already passed
since the connection was established.
This basically gives the attacker one shot per a combination of his own
nodes and the nodes he can connect to, and thus makes the attack much
more difficult to succeed.
Editing of blacklist labels affected the rerendering, because it emits
the changed signal too, and it caused an exception because the address
field was missing at that time. This works around both.
In some situations, it's not necessary to send an ACK. For example, when
the sender is blacklisted, when the message has no content, or when the
address has ACK sending disabled.
Also it's not necessary to rebroadcast empty messages into a mailing
list.
When advertising nodes and when establishing connections, private IP
range checks were not done. This could cause private IPs to be
advertised across the network. Also, some of the checks weren't
IPv6-aware.
Fixes Bitmessage#768
If you change, add or remove an item in a treewidget or addressbook,
messagelists will now autoupdate labels, and sender comboboxes will also
update if applicable.
Fixes#69
Message compose sometimes misinterpreted quoted message as HTML, causing
rendering screwups. Since we don't support HTML composing, we will treat
all quoted messages as plain text.
Zooming in message body view / compose works in single steps
irrespective of wheel sensitivity, and info about zoom level is
displayed in percent rather than font pixel size.
if singleWorker crashed, the thread couldn't be joined. This both makes
it so that it doesn't crash, as well as reorders the shutdown sequence
so that it is less likely to be triggered.
Fixes Bitmessage#549
- it didn't shutdown correctly
- it didn't handle exception correctly (however, if I understand
correctly, this will never be triggered if using blocking get, so it
doesn't affect PyBitmessage)
- flushing size check changed from 1 to 0 (I don't know why it was 1)
Flood mitigation was done both in the ObjectProcessorQueue as well as
receiveData threads. This patch removes the mitigation in receiveData
threads and cleans up the one in the ObjectProcessorQueue
- subject on replies was not parsed correctly (or should I say was
parsed more than necessary)
- unicode can handle invalid characters without needing a special
function
Fixes#164
