Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Security fix 4 - Simplify node time and network-adjusted time warning logic #315

Merged
merged 9 commits into from
Nov 5, 2024
Merged

Security fix 4 - Simplify node time and network-adjusted time warning logic #315

merged 9 commits into from
Nov 5, 2024

Conversation

Naviabheeman
Copy link
Contributor

@Naviabheeman Naviabheeman commented Sep 24, 2024
edited
Loading

Port fix of vulnerability fix of Disclosure of netsplit due to timestamp adjustment which was changed later by PR 29623(Simplify network-adjusted time warning logic)

As this PR removes the timeoffset previously defined in each node, the notion of 'adjusted time' is also removed. So a unified std::chrono::system_clock is used to get the time in GetTime, GetAdjustedTime, GetSystemTimeInSeconds, GetTimeMillis and GetTimeMicros.

  • GetAdjustedTime and GetTime are now the same. They return the mockable system time.
  • GetSystemTimeInSeconds does not allow mocktime. This is essential as the p2p layer depends heavily on the connection and message time. Any change to this time due to mocking results in unpredictable behaviour in functional tests.

@Naviabheeman
port security fix:PR 29623(Simplify network-adjusted time warning logic)
03c968a 
removes the timeoffset defined in each node, all time functions defined in tapyrus are affected
use std::chrono::system_clock is used to get the time in GetTime, GetAdjustedTime, GetSystemTimeInSeconds, GetTimeMillis and GetTimeMicros. This system time takes into account the mocktime used testing also.
@Naviabheeman
unified use std::chrono::system_clock is used to get the time for Get…
c8cc815 
…Time, GetAdjustedTime, GetSystemTimeInSeconds, GetTimeMillis and GetTimeMicros. This system time takes into account the mocktime used testing also.
@Naviabheeman
fix denial of service test by changing mocktime setting before each c…
0c1b9e4 
…all to addrandonoutboundpeer
@Naviabheeman
fix linting in log statement for clock out of sync warning
e0825ab
@Naviabheeman
try to fix timeout errors in CI because of notfound replies from tapyrus
188fd42
@Naviabheeman
seperate gettime and getsystemtimeinseconds as the two could not be c…
f25a5ac 
…ombined
azuchi
azuchi requested changes Oct 29, 2024
View reviewed changes
Copy link
Contributor

@azuchi azuchi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't the nTimeOffset field in classes CNode and CNodeStats also unnecessary?

azuchi
azuchi requested changes Oct 29, 2024
View reviewed changes
@Naviabheeman
Copy link
Contributor Author

Isn't the nTimeOffset field in classes CNode and CNodeStats also unnecessary?

nTimeOffset field in CNode class has the time offset for each peer. I was not able to remove it.

@azuchi
Copy link
Contributor

azuchi commented Oct 30, 2024

Isn't the nTimeOffset field in classes CNode and CNodeStats also unnecessary?

nTimeOffset field in CNode class has the time offset for each peer. I was not able to remove it.

but, nTimeOffset in CNodeStats seems not referenced anywhere.

@Naviabheeman
Copy link
Contributor Author

Naviabheeman commented Nov 2, 2024
edited
Loading

but, nTimeOffset in CNodeStats seems not referenced anywhere.

I tried to remove it, but this is used in the GUI after the previous commit (
#315 (comment)). I'm removing both.

@Naviabheeman Naviabheeman force-pushed the Securityfix4_node_time branch from 58603dc to abe5184 Compare November 3, 2024 09:49
@Naviabheeman Naviabheeman mentioned this pull request Nov 3, 2024
Merged
@azuchi azuchi merged commit a5423d8 into chaintope:master Nov 5, 2024
10 checks passed
@Naviabheeman Naviabheeman deleted the Securityfix4_node_time branch February 20, 2025 05:52
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@azuchi azuchi azuchi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Naviabheeman @azuchi