
commit e605620744e3f752791dd6da4fd92d187af0d4a6
parent ec7495d35a4f120f6e6adf1e18f2ed10df38d155
Author: Roger Dingledine <arma@torproject.org>
Date:   Fri,  1 Jul 2022 18:32:04 -0400

clients defend themselves from absurd pow requests

if asked for higher than a cap, we just solve it at the cap

i picked 500 for now but maybe we'll pick a better number in the future.

Diffstat:
Msrc/feature/hs/hs_client.c | 18++++++++++++++++++
1 file changed, 18 insertions(+), 0 deletions(-)

diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
@@ -600,6 +600,10 @@ find_desc_intro_point_by_legacy_id(const char *legacy_id,
 return ret_ip;
 }
 
+/** Set a client-side cap on the highest effort of PoW we will try to
+ * tackle. If asked for higher, we solve it at this cap. */
+#define CLIENT_MAX_POW_EFFORT 500
+
 /** Send an INTRODUCE1 cell along the intro circuit and populate the rend
 * circuit identifier with the needed key material for the e2e encryption.
 * Return 0 on success, -1 if there is a transient error such that an action
@@ -674,6 +678,20 @@ send_introduce1(origin_circuit_t *intro_circ,
 if (desc->encrypted_data.pow_params) {
 log_debug(LD_REND, "PoW params present in descriptor.");
 pow_solution = tor_malloc_zero(sizeof(hs_pow_solution_t));
+
+ /* make sure we can't be tricked into hopeless quests */
+ if (desc->encrypted_data.pow_params->suggested_effort >
+ CLIENT_MAX_POW_EFFORT) {
+ log_notice(LD_REND, "Onion service suggested effort %d which is "
+ "higher than we want to solve. Solving at %d instead.",
+ desc->encrypted_data.pow_params->suggested_effort,
+ CLIENT_MAX_POW_EFFORT);
+
+ /* clobber it in-place. hopefully this won't have bad side effects. */
+ desc->encrypted_data.pow_params->suggested_effort =
+ CLIENT_MAX_POW_EFFORT;
+ }
+
 if (hs_pow_solve(desc->encrypted_data.pow_params, pow_solution)) {
 log_warn(LD_REND, "Haven't solved the PoW yet.");
 goto tran_err;
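Review bot: The clamp in the second hunk is written back through `desc->encrypted_data.pow_params`, so it alters the descriptor object itself rather than only this solve attempt, a risk the new comment already admits ("hopefully this won't have bad side effects"). `desc` is obtained outside the hunk; if it is a cached or shared descriptor, every later reader would see the capped value instead of what the service published, and the over-cap notice would presumably not repeat for that descriptor. It would be safer to copy `*desc->encrypted_data.pow_params` into a local struct, clamp the copy's `suggested_effort`, and pass the copy's address to `hs_pow_solve()`. Separately, the two `%d` conversions in the `log_notice()` call should be checked against the declared type of `suggested_effort`, which is not visible here; if it is unsigned, `%u` is the matching conversion. send_introduce1's body starts and ends outside the hunk.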