From 97f449a2f1aa3e4fbe7f2d853efa0c7935ded967 Mon Sep 17 00:00:00 2001 From: irungentoo Date: Tue, 13 Aug 2013 09:32:31 -0400 Subject: Fixed spam problem. (I broke the API so this will not build) The friend address is what the byte string that you give away for people to add you will be called. 1. Every friend address now contains a number set by the friend. This is to prevent someone from randomly spamming people in the DHT with friend requests and makes it so you need the person to actually give you the address in some way to send the friend request. This number is expected to be encrypted with the friend request. All requests that do not contain this number will be rejected. This means the spammer can no longer use the DHT to collect lists of valid addresses to spam. It also enables users to quickly change the number in case a spammer gets hold of the address and starts spamming it. 2. A 2 byte checksum will be added (not implemented yet) to prevent people from accidentally adding random strings as friends. (NOTE that this has nothing to do with the spam problem I just decided to add a placeholder for it now.) --- core/friend_requests.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) (limited to 'core/friend_requests.c') diff --git a/core/friend_requests.c b/core/friend_requests.c index 5e9b447c..8276db29 100644 --- a/core/friend_requests.c +++ b/core/friend_requests.c @@ -25,15 +25,22 @@ uint8_t self_public_key[crypto_box_PUBLICKEYBYTES]; + /* Try to send a friendrequest to peer with public_key data is the data in the request and length is the length. return -1 if failure. return 0 if it sent the friend request directly to the friend. return the number of peers it was routed through if it did not send it directly.*/ -int send_friendrequest(uint8_t * public_key, uint8_t * data, uint32_t length) +int send_friendrequest(uint8_t * public_key, uint32_t nospam_num, uint8_t * data, uint32_t length) { + if(length - sizeof(nospam_num) > MAX_DATA_SIZE) + return -1; + + uint8_t temp[MAX_DATA_SIZE]; + memcpy(temp, &nospam_num, sizeof(nospam_num)); + memcpy(temp + sizeof(nospam_num), data, length); uint8_t packet[MAX_DATA_SIZE]; - int len = create_request(packet, public_key, data, length, 32); /* 32 is friend request packet id */ + int len = create_request(packet, public_key, temp, length + sizeof(nospam_num), 32); /* 32 is friend request packet id */ if (len == -1) return -1; @@ -57,6 +64,20 @@ int send_friendrequest(uint8_t * public_key, uint8_t * data, uint32_t length) return num; } +static uint32_t nospam; +/* + * Set and get the nospam variable used to prevent one type of friend request spam + */ +void set_nospam(uint32_t num) +{ + nospam = num; +} + +uint32_t get_nospam() +{ + return nospam; +} + static void (*handle_friendrequest)(uint8_t *, uint8_t *, uint16_t, void*); static uint8_t handle_friendrequest_isset = 0; static void* handle_friendrequest_userdata; @@ -115,14 +136,17 @@ static int friendreq_handlepacket(IP_Port source, uint8_t * packet, uint32_t len uint8_t public_key[crypto_box_PUBLICKEYBYTES]; uint8_t data[MAX_DATA_SIZE]; int len = handle_request(public_key, data, packet, length); - if (len == -1) return 1; + if (len <= sizeof(nospam)) + return 1; if (request_received(public_key)) return 1; + if (memcmp(data, &nospam, sizeof(nospam)) != 0) + return 1; addto_receivedlist(public_key); - (*handle_friendrequest)(public_key, data, len, handle_friendrequest_userdata); + (*handle_friendrequest)(public_key, data + 4, len - 4, handle_friendrequest_userdata); } else { /* if request is not for us, try routing it. */ if(route_packet(packet + 1, packet, length) == length) return 0; -- cgit v1.2.3