From 1a6fa19323c524594c2311e6796061febab238cb Mon Sep 17 00:00:00 2001 From: Arinerron Date: Wed, 6 Jun 2018 18:54:35 -0700 Subject: [PATCH 1/2] Fix 2 DOS vulns, improve Onionr efficiency --- onionr/onionr.py | 2 +- onionr/onionrblockapi.py | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/onionr/onionr.py b/onionr/onionr.py index 21ccd340..7b7f7511 100755 --- a/onionr/onionr.py +++ b/onionr/onionr.py @@ -469,7 +469,7 @@ class Onionr: with open(plugins.get_plugins_folder(plugin_name) + '/main.py', 'a') as main: contents = '' with open('static-data/default_plugin.py', 'rb') as file: - contents = file.read() + contents = file.read().decode() # TODO: Fix $user. os.getlogin() is B U G G Y main.write(contents.replace('$user', 'some random developer').replace('$date', datetime.datetime.now().strftime('%Y-%m-%d')).replace('$name', plugin_name)) diff --git a/onionr/onionrblockapi.py b/onionr/onionrblockapi.py index 23609072..3ccc893a 100644 --- a/onionr/onionrblockapi.py +++ b/onionr/onionrblockapi.py @@ -111,7 +111,7 @@ class Block: self.bheader = json.loads(self.getRaw()[:self.getRaw().index('\n')]) self.bcontent = self.getRaw()[self.getRaw().index('\n') + 1:] self.bmetadata = json.loads(self.getHeader('meta')) - self.parent = (None if not 'parent' in self.getMetadata() else Block(self.getMetadata('parent'))) + self.parent = (None if not 'parent' in self.getMetadata() else self.getMetadata('parent')) self.btype = self.getMetadata('type') self.powHash = self.getMetadata('powHash') self.powToken = self.getMetadata('powToken') @@ -263,6 +263,14 @@ class Block: - (Block): the Block's parent ''' + if self.parent == str: + if self.parent == self.getHash(): + self.parent = self + elif Block.exists(self.parent): + self.parent = Block(self.getMetadata('parent')) + else: + self.parent = None + return self.parent def getDate(self): @@ -459,7 +467,6 @@ class Block: if relevant: relevant_blocks.append(block) - if bool(reverse): relevant_blocks.reverse() From 0ca6480c7910aa8845159011932a708fb4a60a73 Mon Sep 17 00:00:00 2001 From: Arinerron Date: Wed, 6 Jun 2018 18:58:40 -0700 Subject: [PATCH 2/2] silly me, missing type() --- onionr/onionrblockapi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/onionr/onionrblockapi.py b/onionr/onionrblockapi.py index 3ccc893a..6dc9029a 100644 --- a/onionr/onionrblockapi.py +++ b/onionr/onionrblockapi.py @@ -263,7 +263,7 @@ class Block: - (Block): the Block's parent ''' - if self.parent == str: + if type(self.parent) == str: if self.parent == self.getHash(): self.parent = self elif Block.exists(self.parent):