Skip to content

Commit

Permalink
les: add Skip overflow check to GetBlockHeadersMsg handler (ethereum#…
Browse files Browse the repository at this point in the history
  • Loading branch information
zsfelfoldi authored and wgr523 committed Apr 18, 2023
1 parent 2135e2b commit 0876562
Showing 1 changed file with 18 additions and 7 deletions.
25 changes: 18 additions & 7 deletions les/handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package les

import (
"encoding/binary"
"encoding/json"
"errors"
"fmt"
"math/big"
Expand Down Expand Up @@ -447,7 +448,7 @@ func (pm *ProtocolManager) handleMsg(p *peer) error {

// Advance to the next header of the query
switch {
case query.Origin.Hash != (common.Hash{}) && query.Reverse:
case hashMode && query.Reverse:
// Hash based traversal towards the genesis block
for i := 0; i < int(query.Skip)+1; i++ {
if header := pm.blockchain.GetHeader(query.Origin.Hash, number); header != nil {
Expand All @@ -458,16 +459,26 @@ func (pm *ProtocolManager) handleMsg(p *peer) error {
break
}
}
case query.Origin.Hash != (common.Hash{}) && !query.Reverse:
case hashMode && !query.Reverse:
// Hash based traversal towards the leaf block
if header := pm.blockchain.GetHeaderByNumber(origin.Number.Uint64() + query.Skip + 1); header != nil {
if pm.blockchain.GetBlockHashesFromHash(header.Hash(), query.Skip+1)[query.Skip] == query.Origin.Hash {
query.Origin.Hash = header.Hash()
var (
current = origin.Number.Uint64()
next = current + query.Skip + 1
)
if next <= current {
infos, _ := json.MarshalIndent(p.Peer.Info(), "", " ")
p.Log().Warn("GetBlockHeaders skip overflow attack", "current", current, "skip", query.Skip, "next", next, "attacker", infos)
unknown = true
} else {
if header := pm.blockchain.GetHeaderByNumber(next); header != nil {
if pm.blockchain.GetBlockHashesFromHash(header.Hash(), query.Skip+1)[query.Skip] == query.Origin.Hash {
query.Origin.Hash = header.Hash()
} else {
unknown = true
}
} else {
unknown = true
}
} else {
unknown = true
}
case query.Reverse:
// Number based traversal towards the genesis block
Expand Down

0 comments on commit 0876562

Please sign in to comment.