storage: use constant-time comparison for write-enablers and lease-secrets

Brian Warner 2009-03-22 20:21:28 -07:00
parent 01e2032669
commit 5e8c31c3b6
2 changed files with 9 additions and 5 deletions
src/allmydata/storage


@ -6,6 +6,7 @@ from zope.interface import implements
from allmydata.interfaces import RIBucketWriter, RIBucketReader from allmydata.interfaces import RIBucketWriter, RIBucketReader
from allmydata.util import base32, fileutil, log from allmydata.util import base32, fileutil, log
from allmydata.util.assertutil import precondition from allmydata.util.assertutil import precondition
from allmydata.util.hashutil import constant_time_compare
from allmydata.storage.lease import LeaseInfo from allmydata.storage.lease import LeaseInfo
from allmydata.storage.common import UnknownImmutableContainerVersionError, \ from allmydata.storage.common import UnknownImmutableContainerVersionError, \
DataTooLargeError DataTooLargeError
@ -142,7 +143,7 @@ class ShareFile:
def renew_lease(self, renew_secret, new_expire_time): def renew_lease(self, renew_secret, new_expire_time):
for i,lease in enumerate(self.get_leases()): for i,lease in enumerate(self.get_leases()):
if lease.renew_secret == renew_secret: if constant_time_compare(lease.renew_secret, renew_secret):
# yup. See if we need to update the owner time. # yup. See if we need to update the owner time.
if new_expire_time > lease.expiration_time: if new_expire_time > lease.expiration_time:
# yes # yes
@ -172,7 +173,7 @@ class ShareFile:
leases = list(self.get_leases()) leases = list(self.get_leases())
num_leases_removed = 0 num_leases_removed = 0
for i,lease in enumerate(leases): for i,lease in enumerate(leases):
if lease.cancel_secret == cancel_secret: if constant_time_compare(lease.cancel_secret, cancel_secret):
leases[i] = None leases[i] = None
num_leases_removed += 1 num_leases_removed += 1
if not num_leases_removed: if not num_leases_removed:
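Review bot: The new `constant_time_compare(lease.renew_secret, renew_secret)` call in the renew_lease hunk, and the matching `cancel_secret` call in the third hunk of this file, hand a caller-supplied secret to a helper whose behaviour on unequal-length or non-string input is not visible on this page. The old `==` simply returned False in those cases. If the helper raises or asserts instead, a malformed secret would fail differently from the existing no-match path. I would confirm the helper's contract and record it at the call site, e.g. `# constant_time_compare returns False (never raises) when lengths differ`, and add a test that a wrong secret of the same length and of a different length are both still rejected. Both function bodies continue outside the hunks shown.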


@ -3,6 +3,7 @@ import os, stat, struct
from allmydata.interfaces import BadWriteEnablerError from allmydata.interfaces import BadWriteEnablerError
from allmydata.util import idlib, log from allmydata.util import idlib, log
from allmydata.util.assertutil import precondition from allmydata.util.assertutil import precondition
from allmydata.util.hashutil import constant_time_compare
from allmydata.storage.lease import LeaseInfo from allmydata.storage.lease import LeaseInfo
from allmydata.storage.common import UnknownMutableContainerVersionError, \ from allmydata.storage.common import UnknownMutableContainerVersionError, \
DataTooLargeError DataTooLargeError
@ -266,7 +267,7 @@ class MutableShareFile:
accepting_nodeids = set() accepting_nodeids = set()
f = open(self.home, 'rb+') f = open(self.home, 'rb+')
for (leasenum,lease) in self._enumerate_leases(f): for (leasenum,lease) in self._enumerate_leases(f):
if lease.renew_secret == renew_secret: if constant_time_compare(lease.renew_secret, renew_secret):
# yup. See if we need to update the owner time. # yup. See if we need to update the owner time.
if new_expire_time > lease.expiration_time: if new_expire_time > lease.expiration_time:
# yes # yes
@ -312,7 +313,7 @@ class MutableShareFile:
f = open(self.home, 'rb+') f = open(self.home, 'rb+')
for (leasenum,lease) in self._enumerate_leases(f): for (leasenum,lease) in self._enumerate_leases(f):
accepting_nodeids.add(lease.nodeid) accepting_nodeids.add(lease.nodeid)
if lease.cancel_secret == cancel_secret: if constant_time_compare(lease.cancel_secret, cancel_secret):
self._write_lease_record(f, leasenum, blank_lease) self._write_lease_record(f, leasenum, blank_lease)
modified += 1 modified += 1
else: else:
@ -365,7 +366,9 @@ class MutableShareFile:
(real_write_enabler, write_enabler_nodeid) = \ (real_write_enabler, write_enabler_nodeid) = \
self._read_write_enabler_and_nodeid(f) self._read_write_enabler_and_nodeid(f)
f.close() f.close()
if write_enabler != real_write_enabler: # avoid a timing attack
#if write_enabler != real_write_enabler:
if not constant_time_compare(write_enabler, real_write_enabler):
# accomodate share migration by reporting the nodeid used for the # accomodate share migration by reporting the nodeid used for the
# old write enabler. # old write enabler.
self.log(format="bad write enabler on SI %(si)s," self.log(format="bad write enabler on SI %(si)s,"
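Review bot: The commented-out `#if write_enabler != real_write_enabler:` left above the new check in the last hunk is dead code, and the history already keeps the old line. I would delete it and make the comment say what must not regress, e.g. `# compare in constant time: '!=' returns early on the first differing byte, which leaks timing`. The renew_secret and cancel_secret comparisons changed earlier in this file are switched for the same reason but carry no comment, so a short note there would stop a later cleanup from reverting them to `==`. The enclosing method starts and ends outside the hunk.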