I2P_Developers/i2p.itoopie
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

don't do the netDb store of the peer's routerInfo until after we validate what they tell us (so we can shitlist them for the right reason) [thanks duck!]

Browse Source
This commit is contained in:
jrandom
2004-08-18 07:23:01 +00:00
committed by zzz
parent 9753470dcb
commit 3d6a40a683
2 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
router/java/src/net/i2p/router/transport/tcp/RestrictiveTCPConnection.java
View File

@ -260,9 +260,9 @@ class RestrictiveTCPConnection extends TCPConnection {
boolean ok = identifyStationToStation(); boolean ok = identifyStationToStation();
if (_log.shouldLog(Log.DEBUG)) _log.debug("After station to station [" + ok + "]..."); if (_log.shouldLog(Log.DEBUG)) _log.debug("After station to station [" + ok + "]...");
if (!ok) if (!ok) {
throw new DataFormatException("Station to station identification failed! MITM?"); throw new DataFormatException("Station to station identification failed! MITM?");
}
if (_log.shouldLog(Log.DEBUG)) _log.debug("before validateVersion..."); if (_log.shouldLog(Log.DEBUG)) _log.debug("before validateVersion...");
boolean versionOk = validateVersion(); boolean versionOk = validateVersion();
@ -284,6 +284,18 @@ class RestrictiveTCPConnection extends TCPConnection {
throw new DataFormatException("Peer is too far out of sync with the current router's clock! dropping"); throw new DataFormatException("Peer is too far out of sync with the current router's clock! dropping");
} }
try {
_context.netDb().store(_remoteIdentity.getHash(), _remoteInfo);
} catch (IllegalArgumentException iae) {
if (_log.shouldLog(Log.ERROR))
_log.error("Peer gave us invalid router info", iae);
// not only do we remove the reference to the invalid peer
_context.netDb().fail(_remoteIdentity.getHash());
// but we make sure that we don't try to talk to them soon even if we get a new ref
_context.shitlist().shitlistRouter(_remoteIdentity.getHash(), "Invalid peer info");
throw new DataFormatException("Invalid peer info provided");
}
if (_log.shouldLog(Log.DEBUG)) _log.debug("before validate peer address..."); if (_log.shouldLog(Log.DEBUG)) _log.debug("before validate peer address...");
boolean peerReachable = validatePeerAddress(); boolean peerReachable = validatePeerAddress();
if (_log.shouldLog(Log.DEBUG)) _log.debug("after validatePeerAddress [" + peerReachable + "]..."); if (_log.shouldLog(Log.DEBUG)) _log.debug("after validatePeerAddress [" + peerReachable + "]...");

11
router/java/src/net/i2p/router/transport/tcp/TCPConnection.java
View File

@ -59,6 +59,7 @@ class TCPConnection implements I2NPMessageReader.I2NPMessageEventListener {
protected InputStream _in; protected InputStream _in;
protected OutputStream _out; protected OutputStream _out;
protected RouterIdentity _remoteIdentity; protected RouterIdentity _remoteIdentity;
protected RouterInfo _remoteInfo;
protected TCPTransport _transport; protected TCPTransport _transport;
protected ConnectionRunner _runner; protected ConnectionRunner _runner;
protected List _toBeSent; protected List _toBeSent;
@ -191,15 +192,7 @@ class TCPConnection implements I2NPMessageReader.I2NPMessageEventListener {
byte signedData[] = new byte[decr.length - rsig.getData().length]; byte signedData[] = new byte[decr.length - rsig.getData().length];
System.arraycopy(decr, 0, signedData, 0, signedData.length); System.arraycopy(decr, 0, signedData, 0, signedData.length);
boolean valid = _context.dsa().verifySignature(rsig, signedData, _remoteIdentity.getSigningPublicKey()); boolean valid = _context.dsa().verifySignature(rsig, signedData, _remoteIdentity.getSigningPublicKey());
if (valid) { _remoteInfo = peer;
try {
_context.netDb().store(_remoteIdentity.getHash(), peer);
} catch (IllegalArgumentException iae) {
if (_log.shouldLog(Log.ERROR))
_log.error("Peer gave us invalid router info", iae);
valid = false;
}
}
return valid; return valid;
} }