From 1c4aab926e0b25e0c896d4703d858eda1eb14ea5 Mon Sep 17 00:00:00 2001 From: Michael Hendricks Date: Tue, 29 Nov 2011 20:15:59 -0700 Subject: [PATCH] Retain only the most recent time samples Remembering all time samples makes nTimeOffset slow to respond to system clock corrections. For instance, I start my node with a system clock that's 30 minutes slow and run it for a few days. During that time, I accumulate 10,000 offset samples with a median of 1800 seconds. Now I correct my system clock. Without this change, my node must collect another 10,000 samples before nTimeOffset is correct again. With this change, I must only accumulate 100 samples to correct the offset. Storing unlimited time samples also allows an attacker with many IP addresses (ex, a large botnet) to perform a memory exhaustion attack against Bitcoin nodes. The attacker sends a version message from each IP to his target, consuming more of the target's memory each time. Time samples are small, so this attack might be impractical under the old code, but it's impossible with the new code. --- src/util.cpp | 17 +++++++---------- src/util.h | 10 ++++++++++ 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/src/util.cpp b/src/util.cpp index badf43c0d..2b4169ad4 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -30,7 +30,7 @@ string strMiscWarning; bool fTestNet = false; bool fNoListen = false; bool fLogTimestamps = false; - +CMedianFilter vTimeOffsets(200,0); @@ -940,15 +940,12 @@ void AddTimeData(unsigned int ip, int64 nTime) return; // Add data - static vector vTimeOffsets; - if (vTimeOffsets.empty()) - vTimeOffsets.push_back(0); - vTimeOffsets.push_back(nOffsetSample); - printf("Added time data, samples %d, offset %+"PRI64d" (%+"PRI64d" minutes)\n", vTimeOffsets.size(), vTimeOffsets.back(), vTimeOffsets.back()/60); + vTimeOffsets.input(nOffsetSample); + printf("Added time data, samples %d, offset %+"PRI64d" (%+"PRI64d" minutes)\n", vTimeOffsets.size(), nOffsetSample, nOffsetSample/60); if (vTimeOffsets.size() >= 5 && vTimeOffsets.size() % 2 == 1) { - sort(vTimeOffsets.begin(), vTimeOffsets.end()); - int64 nMedian = vTimeOffsets[vTimeOffsets.size()/2]; + int64 nMedian = vTimeOffsets.median(); + std::vector vSorted = vTimeOffsets.sorted(); // Only let other nodes change our time by so much if (abs64(nMedian) < 70 * 60) { @@ -963,7 +960,7 @@ void AddTimeData(unsigned int ip, int64 nTime) { // If nobody has a time different than ours but within 5 minutes of ours, give a warning bool fMatch = false; - BOOST_FOREACH(int64 nOffset, vTimeOffsets) + BOOST_FOREACH(int64 nOffset, vSorted) if (nOffset != 0 && abs64(nOffset) < 5 * 60) fMatch = true; @@ -978,7 +975,7 @@ void AddTimeData(unsigned int ip, int64 nTime) } } if (fDebug) { - BOOST_FOREACH(int64 n, vTimeOffsets) + BOOST_FOREACH(int64 n, vSorted) printf("%+"PRI64d" ", n); printf("| "); } diff --git a/src/util.h b/src/util.h index 1ef0e6f15..0dcd01100 100644 --- a/src/util.h +++ b/src/util.h @@ -623,6 +623,16 @@ public: return (vSorted[size/2-1] + vSorted[size/2]) / 2; } } + + int size() const + { + return vValues.size(); + } + + std::vector sorted () const + { + return vSorted; + } };