author | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-03-01 07:04:09 +0100 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-03-01 07:04:09 +0100 |
commit | 65af86308981328697bbf06b0818dd4e4f8dfc58 (patch) | |
tree | 8c4d99286a82037753da08a0f35dcdc48451cad4 /src | |
parent | 68bb9f39967ca45166bd070ee1f3fa1304cb6e98 (diff) | |
Re-verify unknown peers on each handshake
Diffstat (limited to 'src')
-rw-r--r-- | src/protocol_ec25519_fhmqvc.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/protocol_ec25519_fhmqvc.c b/src/protocol_ec25519_fhmqvc.c
index 2bf6bde..951cbbb 100644
--- a/src/protocol_ec25519_fhmqvc.c
+++ b/src/protocol_ec25519_fhmqvc.c
@@ -577,6 +577,7 @@ static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, fastd_socket_t *
 peer->protocol_state->last_serial--;
 if (!fastd_peer_verify_temporary(ctx, peer, &sock->addr->addr, address)) {
+ pr_debug(ctx, "ignoring handshake from %P[%I] (verification failed)", peer, address);
 fastd_peer_delete(ctx, peer);
 return NULL;
 }
@@ -587,6 +588,7 @@ static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, fastd_socket_t *
 static void protocol_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *address, fastd_peer_t *peer, const fastd_handshake_t *handshake, const fastd_method_t *method) {
 handshake_key_t *handshake_key;
 char *peer_version_name = NULL;
+ bool temporary_added = false;
 maintenance(ctx);
@@ -608,8 +610,10 @@ static void protocol_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock
 case ENOENT:
 peer = add_temporary(ctx, sock, address, handshake->records[RECORD_SENDER_KEY].data);
- if (peer)
+ if (peer) {
+ temporary_added = true;
 break;
+ }
 return;
@@ -618,6 +622,13 @@ static void protocol_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock
 }
 }
+ if (fastd_peer_is_temporary(peer) && !temporary_added) {
+ if (!fastd_peer_verify_temporary(ctx, peer, &sock->addr->addr, address)) {
+ pr_debug(ctx, "ignoring handshake from %P[%I] (verification failed)", peer, address);
+ return;
+ }
+ }
+
 if (!fastd_peer_may_connect(ctx, peer)) {
 pr_debug(ctx, "ignoring handshake from %P[%I] because of local constraints", peer, address);
 return; |
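Review bot: In the new re-verification block of the last hunk, a temporary peer whose fastd_peer_verify_temporary() call now fails is left in place, whereas the same failure inside add_temporary() (first hunk) calls fastd_peer_delete(); if an existing session with such a peer is meant to survive a failed re-check that deserves a comment, otherwise the peer should probably be deleted here as well. A comment such as `/* re-check temporary peers on every handshake; a failed check drops only this handshake, the peer itself is left for maintenance() to expire */` would make the chosen behaviour explicit — neither maintenance() nor the peer lifecycle is visible in this hunk, so confirm which of the two is intended. The block also runs before fastd_peer_may_connect(); if verification invokes an external verifier, as the name suggests but the hunk does not show, the cheaper local-constraints check would be better placed first so peers that will be rejected anyway do not trigger it on every handshake. protocol_handshake_handle() starts in the second hunk and continues past the end of this one.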