Merge #19514: [net/net processing] check banman pointer before dereferencing

ca3585a483 [net/net processing] check banman pointer before dereferencing (John Newbery)

Pull request description:

  Although we currently don't do this, it should be possible to create a
  CConnman or PeerLogicValidation without a Banman instance. Therefore
  always check that banman exists before dereferencing the pointer.

  Also add comments to the m_banman members of CConnman and
  PeerLogicValidation to document that these may be nullptr.

ACKs for top commit:
  jonatack:
    ACK ca3585a
  theStack:
    ACK ca3585a483

Tree-SHA512: 726401c8921b9a502029ead34ae797473a1bc359d6e4e58dcbe3e25b70dde40bb100723be467fd3e2bf418892c493911998226de19c9d529d72034e3be26be48
This commit is contained in:
MarcoFalke 2020-07-14 15:26:05 +02:00
commit 1a655e89cb
No known key found for this signature in database
GPG key ID: CE2B75697E69A548
4 changed files with 10 additions and 5 deletions

View file

@ -1013,7 +1013,7 @@ void CConnman::AcceptConnection(const ListenSocket& hListenSocket) {
SetSocketNoDelay(hSocket);
// Don't accept connections from banned peers.
bool banned = m_banman->IsBanned(addr);
bool banned = m_banman && m_banman->IsBanned(addr);
if (!NetPermissions::HasFlag(permissionFlags, NetPermissionFlags::PF_NOBAN) && banned)
{
LogPrint(BCLog::NET, "connection from %s dropped (banned)\n", addr.ToString());
@ -1022,7 +1022,7 @@ void CConnman::AcceptConnection(const ListenSocket& hListenSocket) {
}
// Only accept connections from discouraged peers if our inbound slots aren't (almost) full.
bool discouraged = m_banman->IsDiscouraged(addr);
bool discouraged = m_banman && m_banman->IsDiscouraged(addr);
if (!NetPermissions::HasFlag(permissionFlags, NetPermissionFlags::PF_NOBAN) && nInbound + 1 >= nMaxInbound && discouraged)
{
LogPrint(BCLog::NET, "connection from %s dropped (discouraged)\n", addr.ToString());

View file

@ -447,6 +447,7 @@ private:
std::atomic<int> nBestHeight;
CClientUIInterface* clientInterface;
NetEventsInterface* m_msgproc;
/** Pointer to this node's banman. May be nullptr - check existence before dereferencing. */
BanMan* m_banman;
/** SipHasher seeds for deterministic randomness */

View file

@ -2491,8 +2491,10 @@ void ProcessMessage(
if (addr.nTime <= 100000000 || addr.nTime > nNow + 10 * 60)
addr.nTime = nNow - 5 * 24 * 60 * 60;
pfrom.AddAddressKnown(addr);
if (banman->IsDiscouraged(addr)) continue; // Do not process banned/discouraged addresses beyond remembering we received them
if (banman->IsBanned(addr)) continue;
if (banman && (banman->IsDiscouraged(addr) || banman->IsBanned(addr))) {
// Do not process banned/discouraged addresses beyond remembering we received them
continue;
}
bool fReachable = IsReachable(addr);
if (addr.nTime > nSince && !pfrom.fGetAddr && vAddr.size() <= 10 && addr.IsRoutable())
{
@ -3346,7 +3348,8 @@ void ProcessMessage(
std::vector<CAddress> vAddr = connman->GetAddresses();
FastRandomContext insecure_rand;
for (const CAddress &addr : vAddr) {
if (!banman->IsDiscouraged(addr) && !banman->IsBanned(addr)) {
bool banned_or_discouraged = banman && (banman->IsDiscouraged(addr) || banman->IsBanned(addr));
if (!banned_or_discouraged) {
pfrom.PushAddress(addr, insecure_rand);
}
}

View file

@ -29,6 +29,7 @@ static const int DISCOURAGEMENT_THRESHOLD{100};
class PeerLogicValidation final : public CValidationInterface, public NetEventsInterface {
private:
CConnman* const connman;
/** Pointer to this node's banman. May be nullptr - check existence before dereferencing. */
BanMan* const m_banman;
ChainstateManager& m_chainman;
CTxMemPool& m_mempool;