Set an upper bound of allowed root rotations to 1000.

The idea is to try to better handle the scenario where the server keeps unceasingly providing valid metadata, which could be a sort of bizarre attack. Suggested-by: Laurent Bonnans <laurent.bonnans@here.com> Signed-off-by: Patrick Vacek <patrickvacek@gmail.com>
advancedtelematic · Jan 6, 2020 · ff053f9 · ff053f9
1 parent 0419df6
commit ff053f9
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/src/libaktualizr/uptane/uptanerepository.cc b/src/libaktualizr/uptane/uptanerepository.cc
@@ -84,7 +84,7 @@ bool RepositoryCommon::updateRoot(INvStorage& storage, const IMetadataFetcher& f
   }
 
   // 5.4.4.3.2. Update to the latest Root metadata file.
-  for (int version = rootVersion() + 1;; ++version) {
+  for (int version = rootVersion() + 1; version < kMaxRotations; ++version) {
     // 5.4.4.3.2.2. Try downloading a new version N+1 of the Root metadata file.
     std::string root_raw;
     if (!fetcher.fetchRole(&root_raw, kMaxRootSize, repo_type, Role::Root(), Version(version))) {

diff --git a/src/libaktualizr/uptane/uptanerepository.h b/src/libaktualizr/uptane/uptanerepository.h
@@ -49,6 +49,8 @@ class RepositoryCommon {
   void resetRoot();
   bool updateRoot(INvStorage &storage, const IMetadataFetcher &fetcher, RepositoryType repo_type);
 
+  static const int64_t kMaxRotations = 1000;
+
   Root root;
   RepositoryType type;
 };