[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] addr: Validate identity key when getting a suggestion
commit 9b2cadb492ee07ebb086b934b01ff8a5159fcc77
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Date: Wed Jul 8 07:46:12 2020 -0400
addr: Validate identity key when getting a suggestion
We do look at the address but with this we also look if the identity digest of
the relay suggesting us an address is a trusted source.
Related to #40022
Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
src/core/or/channeltls.c | 3 ++-
src/feature/relay/relay_find_addr.c | 9 ++++++---
src/feature/relay/relay_find_addr.h | 3 ++-
3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c
index 9198a8bfb..4db373097 100644
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@@ -1934,7 +1934,8 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
* we were unable to resolve it previously. The endpoint address is passed
* in order to make sure to never consider an address that is the same as
* our endpoint. */
- relay_address_new_suggestion(&my_apparent_addr, &chan->conn->real_addr);
+ relay_address_new_suggestion(&my_apparent_addr, &chan->conn->real_addr,
+ identity_digest);
if (! chan->conn->handshake_state->sent_netinfo) {
/* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
diff --git a/src/feature/relay/relay_find_addr.c b/src/feature/relay/relay_find_addr.c
index 699eb7e38..28b5985bb 100644
--- a/src/feature/relay/relay_find_addr.c
+++ b/src/feature/relay/relay_find_addr.c
@@ -55,12 +55,14 @@ router_guess_address_from_dir_headers(uint32_t *guess)
* passes. */
void
relay_address_new_suggestion(const tor_addr_t *suggested_addr,
- const tor_addr_t *peer_addr)
+ const tor_addr_t *peer_addr,
+ const char *identity_digest)
{
const or_options_t *options = get_options();
tor_assert(suggested_addr);
tor_assert(peer_addr);
+ tor_assert(identity_digest);
/* This should never be called on a non Tor relay. */
if (BUG(!server_mode(options))) {
@@ -68,8 +70,9 @@ relay_address_new_suggestion(const tor_addr_t *suggested_addr,
}
/* Is the peer a trusted source? Ignore anything coming from non trusted
- * source. In this case, we only look at trusted authorities. */
- if (!router_addr_is_trusted_dir(peer_addr)) {
+ * source. In this case, we only look at trusted directory authorities. */
+ if (!router_addr_is_trusted_dir(peer_addr) ||
+ !router_digest_is_trusted_dir(identity_digest)) {
return;
}
diff --git a/src/feature/relay/relay_find_addr.h b/src/feature/relay/relay_find_addr.h
index d856e706e..6f298e6c7 100644
--- a/src/feature/relay/relay_find_addr.h
+++ b/src/feature/relay/relay_find_addr.h
@@ -16,7 +16,8 @@ void router_new_address_suggestion(const char *suggestion,
const dir_connection_t *d_conn);
void relay_address_new_suggestion(const tor_addr_t *suggested_addr,
- const tor_addr_t *peer_addr);
+ const tor_addr_t *peer_addr,
+ const char *identity_digest);
#ifdef RELAY_FIND_ADDR_PRIVATE
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits