From 6696043580dc03990461938f77fec27ca256914d Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 12 Apr 2010 20:36:38 +0000 Subject: proper PONG validation --- src/transport/gnunet-service-transport.c | 26 ++++++++++++++++++++++---- src/transport/transport_api.c | 12 +++++++++--- 2 files changed, 31 insertions(+), 7 deletions(-) (limited to 'src/transport') diff --git a/src/transport/gnunet-service-transport.c b/src/transport/gnunet-service-transport.c index c2ca8bdb7..d05e88824 100644 --- a/src/transport/gnunet-service-transport.c +++ b/src/transport/gnunet-service-transport.c @@ -23,6 +23,15 @@ * @brief low-level P2P messaging * @author Christian Grothoff * + * TODO: + * - Need to validate *inbound* bi-directional transports (i.e., TCP) + * using PING-PONG and then SIGNAL 'connected' to core/etc.! + * (currently we neither validate those nor do we signal the + * connection); only after those, we should transmit data + * (we currently send and receive arbitrary data on inbound TCP + * connections even if they have not been validated and hand it + * to our clients!) + * * NOTE: * - This code uses 'GNUNET_a2s' for debug printing in many places, * which is technically wrong since it assumes we have IP+Port @@ -2341,6 +2350,15 @@ check_pending_validation (void *cls, if (ve->challenge != challenge) return GNUNET_YES; + if (GNUNET_OK != + GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PING, + &pong->purpose, + &pong->signature, + &ve->publicKey)) + { + GNUNET_break_op (0); + return GNUNET_YES; + } #if DEBUG_TRANSPORT GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, @@ -2392,8 +2410,8 @@ check_pending_validation (void *cls, n->distance = fal->distance; if (GNUNET_NO == n->received_pong) { - notify_clients_connect (&target, n->latency, n->distance); n->received_pong = GNUNET_YES; + notify_clients_connect (&target, n->latency, n->distance); } if (n->retry_task != GNUNET_SCHEDULER_NO_TASK) { @@ -2989,7 +3007,7 @@ handle_ping(void *cls, const struct GNUNET_MessageHeader *message, htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + sizeof (uint32_t) + sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded) + sender_address_len); - pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_TCP_PING); + pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PING); pong->challenge = ping->challenge; pong->addrlen = htons(sender_address_len); memcpy(&pong->signer, @@ -3163,10 +3181,10 @@ plugin_env_receive (void *cls, const struct GNUNET_PeerIdentity *peer, process_hello (plugin, message); break; case GNUNET_MESSAGE_TYPE_TRANSPORT_PING: - handle_ping(plugin, message, peer, sender_address, sender_address_len); + handle_ping (plugin, message, peer, sender_address, sender_address_len); break; case GNUNET_MESSAGE_TYPE_TRANSPORT_PONG: - handle_pong(plugin, message, peer, sender_address, sender_address_len); + handle_pong (plugin, message, peer, sender_address, sender_address_len); break; default: #if DEBUG_TRANSPORT diff --git a/src/transport/transport_api.c b/src/transport/transport_api.c index ef2538baf..c7e711472 100644 --- a/src/transport/transport_api.c +++ b/src/transport/transport_api.c @@ -1577,9 +1577,15 @@ demultiplexer (void *cls, const struct GNUNET_MessageHeader *msg) #endif n = neighbour_find (h, &im->peer); if (n == NULL) - n = neighbour_add (h, &im->peer); - if (n == NULL) - break; + { + GNUNET_break (0); + break; + } + if (n->is_connected != GNUNET_YES) + { + GNUNET_break (0); + break; + } if (h->rec != NULL) h->rec (h->cls, &im->peer, imm, GNUNET_TIME_relative_ntoh (im->latency), ntohs(im->distance)); -- cgit v1.2.3