-rw-r--r--src/protocol_ec25519_fhmqvc.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/src/protocol_ec25519_fhmqvc.c b/src/protocol_ec25519_fhmqvc.c
index 2bf6bde..951cbbb 100644
--- a/src/protocol_ec25519_fhmqvc.c
+++ b/src/protocol_ec25519_fhmqvc.c
@@ -577,6 +577,7 @@ static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, fastd_socket_t *
peer->protocol_state->last_serial--;
if (!fastd_peer_verify_temporary(ctx, peer, &sock->addr->addr, address)) {
+ pr_debug(ctx, "ignoring handshake from %P[%I] (verification failed)", peer, address);
fastd_peer_delete(ctx, peer);
return NULL;
}
@@ -587,6 +588,7 @@ static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, fastd_socket_t *
static void protocol_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *address, fastd_peer_t *peer, const fastd_handshake_t *handshake, const fastd_method_t *method) {
handshake_key_t *handshake_key;
char *peer_version_name = NULL;
+ bool temporary_added = false;
maintenance(ctx);
@@ -608,8 +610,10 @@ static void protocol_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock
case ENOENT:
peer = add_temporary(ctx, sock, address, handshake->records[RECORD_SENDER_KEY].data);
- if (peer)
+ if (peer) {
+ temporary_added = true;
break;
+ }
return;
@@ -618,6 +622,13 @@ static void protocol_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock
}
}
+ if (fastd_peer_is_temporary(peer) && !temporary_added) {
+ if (!fastd_peer_verify_temporary(ctx, peer, &sock->addr->addr, address)) {
+ pr_debug(ctx, "ignoring handshake from %P[%I] (verification failed)", peer, address);
+ return;
+ }
+ }
+
if (!fastd_peer_may_connect(ctx, peer)) {
pr_debug(ctx, "ignoring handshake from %P[%I] because of local constraints", peer, address);
return;
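Review bot: The re-verification added ahead of `fastd_peer_may_connect` returns on failure but leaves the temporary peer in place, whereas the failure path in `add_temporary` (first hunk) calls `fastd_peer_delete(ctx, peer)`. If a peer that no longer verifies should also lose whatever state it still holds, that needs handling here; if keeping it is intended, a one-line comment saying why the peer is not deleted would make that explicit. The check also runs on every handshake for an existing temporary peer, before the local-constraint check and before anything visible in this hunk authenticates the packet. If `fastd_peer_verify_temporary` is costly (its body is not shown), consider calling `fastd_peer_may_connect` first or reusing a recent verification result. Both failure paths log the identical debug string, so wording such as `(re-verification failed)` here would tell them apart in logs; `protocol_handshake_handle` continues beyond the hunk.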