More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.

author: Adam Ierymenko <adam.ierymenko@gmail.com> 2016-09-09 08:43:58 -0700
committer: Adam Ierymenko <adam.ierymenko@gmail.com> 2016-09-09 08:43:58 -0700
commit: 0d4109a9f1f119e336d73039251ad17c0e2a56f4 (patch)
tree: 7dbed18275342042878db41b7b7484bfb9afa5a1 /node/Membership.hpp
parent: 16df2c33631eeb3e123fefa4febf20f202fd476b (diff)
download: infinitytier-0d4109a9f1f119e336d73039251ad17c0e2a56f4.tar.gz
infinitytier-0d4109a9f1f119e336d73039251ad17c0e2a56f4.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/node/Membership.hpp b/node/Membership.hpp
index 55355fda..d67c6822 100644
--- a/node/Membership.hpp
+++ b/node/Membership.hpp
@@ -163,8 +163,10 @@ public:
 			return true;
 		if (_com) {
 			const uint64_t a = _com.timestamp().first;
-			const std::pair<uint64_t,uint64_t> b(nconf.com.timestamp());
-			return ((a <= b.first) ? ((b.first - a) <= ZT_PEER_ACTIVITY_TIMEOUT) : true);
+			if ((_blacklistBefore)&&(a <= _blacklistBefore))
+				return false;
+			const uint64_t b = nconf.com.timestamp().first;
+			return ((a <= b) ? ((b - a) <= ZT_NETWORKCONFIG_DEFAULT_CREDENTIAL_TIME_MAX_MAX_DELTA) : true);
 		}
 		return false;
 	}
author	Adam Ierymenko <adam.ierymenko@gmail.com>	2016-09-09 08:43:58 -0700
committer	Adam Ierymenko <adam.ierymenko@gmail.com>	2016-09-09 08:43:58 -0700
commit	0d4109a9f1f119e336d73039251ad17c0e2a56f4 (patch)
tree	7dbed18275342042878db41b7b7484bfb9afa5a1 /node/Membership.hpp
parent	16df2c33631eeb3e123fefa4febf20f202fd476b (diff)
download	infinitytier-0d4109a9f1f119e336d73039251ad17c0e2a56f4.tar.gz infinitytier-0d4109a9f1f119e336d73039251ad17c0e2a56f4.zip