Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738)

[tinc] / src / net_socket.c

diff --git a/src/net_socket.c b/src/net_socket.c
index 3467804..6195c16 100644 (file)
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -639,6 +639,9 @@ void setup_outgoing_connection(outgoing_t *outgoing) {
   new connection
 */
 bool handle_new_meta_connection(int sock) {
+       static const int max_accept_burst = 10;
+       static int last_accept_burst;
+       static int last_accept_time;
        connection_t *c;
        sockaddr_t sa;
        int fd;
@@ -651,6 +654,22 @@ bool handle_new_meta_connection(int sock) {
                return false;
        }
 
+       if(last_accept_time == now) {
+               last_accept_burst++;
+
+               if(last_accept_burst >= max_accept_burst) {
+                       if(last_accept_burst == max_accept_burst) {
+                               ifdebug(CONNECTIONS) logger(LOG_WARNING, "Throttling incoming connections");
+                       }
+
+                       tarpit(fd);
+                       return false;
+               }
+       } else {
+               last_accept_burst = 0;
+               last_accept_time = now;
+       }
+
        sockaddrunmap(&sa);
 
        c = new_connection();
@@ -672,7 +691,6 @@ bool handle_new_meta_connection(int sock) {
        connection_add(c);
 
        c->allow_request = ID;
-       send_id(c);
 
        return true;
 }