don't do the netDb store of the peer's routerInfo until after we validate what they tell us (so we can shitlist them for the right reason) [thanks duck!]

router/java/src/net/i2p/router/transport/tcp/RestrictiveTCPConnection.java

@@ -260,9 +260,9 @@ class RestrictiveTCPConnection extends TCPConnection {
             boolean ok = identifyStationToStation();
             if (_log.shouldLog(Log.DEBUG)) _log.debug("After station to station [" + ok + "]...");
             
-            if (!ok)
+            if (!ok) {
                 throw new DataFormatException("Station to station identification failed!  MITM?");
-            
+            }
             
             if (_log.shouldLog(Log.DEBUG)) _log.debug("before validateVersion...");
             boolean versionOk = validateVersion();
@@ -284,6 +284,18 @@ class RestrictiveTCPConnection extends TCPConnection {
                 throw new DataFormatException("Peer is too far out of sync with the current router's clock!  dropping");
             }
             
+            try {
+                _context.netDb().store(_remoteIdentity.getHash(), _remoteInfo);
+            } catch (IllegalArgumentException iae) {
+                if (_log.shouldLog(Log.ERROR))
+                    _log.error("Peer gave us invalid router info", iae);
+                // not only do we remove the reference to the invalid peer
+                _context.netDb().fail(_remoteIdentity.getHash());
+                // but we make sure that we don't try to talk to them soon even if we get a new ref
+                _context.shitlist().shitlistRouter(_remoteIdentity.getHash(), "Invalid peer info");
+                throw new DataFormatException("Invalid peer info provided");
+            }
+            
             if (_log.shouldLog(Log.DEBUG)) _log.debug("before validate peer address...");
             boolean peerReachable = validatePeerAddress();
             if (_log.shouldLog(Log.DEBUG)) _log.debug("after validatePeerAddress [" + peerReachable + "]...");

router/java/src/net/i2p/router/transport/tcp/TCPConnection.java

@@ -59,6 +59,7 @@ class TCPConnection implements I2NPMessageReader.I2NPMessageEventListener {
     protected InputStream _in;
     protected OutputStream _out;
     protected RouterIdentity _remoteIdentity;
+    protected RouterInfo _remoteInfo;
     protected TCPTransport _transport;
     protected ConnectionRunner _runner;
     protected List _toBeSent;
@@ -191,15 +192,7 @@ class TCPConnection implements I2NPMessageReader.I2NPMessageEventListener {
         byte signedData[] = new byte[decr.length - rsig.getData().length];
         System.arraycopy(decr, 0, signedData, 0, signedData.length);
         boolean valid = _context.dsa().verifySignature(rsig, signedData, _remoteIdentity.getSigningPublicKey());
-        if (valid) {
-            try {
-                _context.netDb().store(_remoteIdentity.getHash(), peer);
-            } catch (IllegalArgumentException iae) {
-                if (_log.shouldLog(Log.ERROR))
-                    _log.error("Peer gave us invalid router info", iae);
-                valid = false;
-            }
-        }
+        _remoteInfo = peer;
         return valid;
     }