From 65af86308981328697bbf06b0818dd4e4f8dfc58 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Fri, 1 Mar 2013 07:04:09 +0100
Subject: Re-verify unknown peers on each handshake
---
 src/protocol_ec25519_fhmqvc.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/protocol_ec25519_fhmqvc.c b/src/protocol_ec25519_fhmqvc.c
index 2bf6bde..951cbbb 100644
--- a/src/protocol_ec25519_fhmqvc.c
+++ b/src/protocol_ec25519_fhmqvc.c
@@ -577,6 +577,7 @@ static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, fastd_socket_t *
 	peer->protocol_state->last_serial--;
 	if (!fastd_peer_verify_temporary(ctx, peer, &sock->addr->addr, address)) {
+		pr_debug(ctx, "ignoring handshake from %P[%I] (verification failed)", peer, address);
 		fastd_peer_delete(ctx, peer);
 		return NULL;
 	}
@@ -587,6 +588,7 @@ static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, fastd_socket_t *
 static void protocol_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *address, fastd_peer_t *peer, const fastd_handshake_t *handshake, const fastd_method_t *method) {
 	handshake_key_t *handshake_key;
 	char *peer_version_name = NULL;
+	bool temporary_added = false;
 	maintenance(ctx);
@@ -608,8 +610,10 @@ static void protocol_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock
 	case ENOENT:
 		peer = add_temporary(ctx, sock, address, handshake->records[RECORD_SENDER_KEY].data);
-		if (peer)
+		if (peer) {
+			temporary_added = true;
 			break;
+		}
 		return;
@@ -618,6 +622,13 @@ static void protocol_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock
 		}
 	}
+	if (fastd_peer_is_temporary(peer) && !temporary_added) {
+		if (!fastd_peer_verify_temporary(ctx, peer, &sock->addr->addr, address)) {
+			pr_debug(ctx, "ignoring handshake from %P[%I] (verification failed)", peer, address);
+			return;
+		}
+	}
+
 	if (!fastd_peer_may_connect(ctx, peer)) {
 		pr_debug(ctx, "ignoring handshake from %P[%I] because of local constraints", peer, address);
 		return;
--
cgit v1.2.3
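Review bot: A pre-existing temporary peer that now fails fastd_peer_verify_temporary() is only skipped for this handshake and stays registered, whereas add_temporary (the first hunk) deletes a peer that fails the very same check; the hunk does not say whether a peer whose verification has lapsed is meant to linger until maintenance() reaps it, or be removed here too (`fastd_peer_delete(ctx, peer); return;`), and I cannot see maintenance() or the deletion semantics from this hunk, so this needs either the delete or a comment stating the intended lifetime. The `!temporary_added` guard depends on the flag set in the ENOENT case of the previous hunk, which is not obvious at this point; a comment above the new block such as `/* a peer created by add_temporary() in this call was verified just now; re-check only temporary peers that already existed */` would make the two hunks read as one decision. Stylistically the two nested ifs can be a single condition, `if (fastd_peer_is_temporary(peer) && !temporary_added && !fastd_peer_verify_temporary(ctx, peer, &sock->addr->addr, address)) {`, leaving one level of nesting for the pr_debug and return. protocol_handshake_handle continues beyond the end of the hunk.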