node

Florent Daignière Tue, 28 Aug 2007 10:29:57 +0200

* kryptos at freenetproject.org <kryptos at freenetproject.org> [2007-08-27 
23:44:24]:


> Author: kryptos
> Date: 2007-08-27 23:44:24 +0000 (Mon, 27 Aug 2007)
> New Revision: 14895
> 
> Modified:
>    branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> Log:
>  Error in JFK message caching corrected thanks to nextgens
> 
> Modified: branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> ===================================================================
> --- branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java       
> 2007-08-27 23:37:38 UTC (rev 14894)
> +++ branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java       
> 2007-08-27 23:44:24 UTC (rev 14895)
> @@ -672,15 +672,21 @@
>                   * This would result in increased processing on the 
> Responder side->CPU exhaustion attacks
>                   */
>                  byte[] cacheKey=processMessageAuth(pn);
> +                Object result;
>                  //All recent messages 3 and 4 are cached
>                  if(phase==2){
> -                    message3Cache.put(cacheKey,data);
> -                    //if duplicate message3; send corresponding message4
> -                    
> if(data.toString().equalsIgnoreCase(message3Cache.get(cacheKey).toString())){
> -                     sendMessage4Packet(1,2,3,data,pn,replyTo);
> -                     return true;
> -                    
> +                    synchronized(message3Cache) {
> +                    result = message3Cache.get(cacheKey);
>                      }
> +                    if(result != null) {
> +                        synchronized(message3Cache) {
> +                        message3Cache.put(cacheKey,data);
> +                    }
> +                    // We don't want to keep the lock while sending
> +                    sendMessage4Packet(1,2,3,data,pn,replyTo);
> +                    return true;
> +                    }
> +                           

Hmmm, that's not what you want !

"
synchronized(message3Cache) {
        result = message3Cache.get(cacheKey);
        if(result == null) {
                message3Cache.put(cacheKey,methodComputingData());
        }
}
// We don't want to keep the lock while sending
sendMessage4Packet(1,2,3,result,pn,replyTo);
"

Is closer but not ideal. Keep in mind that the whole point of caching
the message is to avoid "replays"/DoSes. You shouldn't spend any time in
ProcessMessage3 before calling that method (ie: do the expensive stuffs
in methodComputingData())

By the way I suggest you keep a static instance of HMAC so that you
don't spare time going through constructors/destructors in
processMessageAuth(PeerNode).

Hope this helps,
        NextGen$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: 
<https://emu.freenetproject.org/pipermail/devl/attachments/20070828/583dfea1/attachment.pgp>

[freenet-dev] [freenet-cvs] r14895 - branches/freenet-jfk/src/freenet/node

Reply via email to