addr: Validate identity key when getting a suggestion

We do look at the address but with this we also look if the identity digest of the relay suggesting us an address is a trusted source. Related to #40022 Signed-off-by: David Goulet <dgoulet@torproject.org>
2024-11-24 12:23:32 +01:00 · 2020-07-08 07:46:12 -04:00 · 2020-07-08 07:46:12 -04:00 · 9b2cadb492
commit 9b2cadb492
parent 15be1ff8ad
3 changed files with 10 additions and 5 deletions
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@ -1934,7 +1934,8 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
   * we were unable to resolve it previously. The endpoint address is passed
   * in order to make sure to never consider an address that is the same as
   * our endpoint. */
-  relay_address_new_suggestion(&my_apparent_addr, &chan->conn->real_addr);
+  relay_address_new_suggestion(&my_apparent_addr, &chan->conn->real_addr,
+                               identity_digest);

  if (! chan->conn->handshake_state->sent_netinfo) {
    /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
--- a/src/feature/relay/relay_find_addr.c
+++ b/src/feature/relay/relay_find_addr.c
@ -55,12 +55,14 @@ router_guess_address_from_dir_headers(uint32_t *guess)
 * passes. */
 void
 relay_address_new_suggestion(const tor_addr_t *suggested_addr,
-                             const tor_addr_t *peer_addr)
+                             const tor_addr_t *peer_addr,
+                             const char *identity_digest)
 {
  const or_options_t *options = get_options();

  tor_assert(suggested_addr);
  tor_assert(peer_addr);
+  tor_assert(identity_digest);

  /* This should never be called on a non Tor relay. */
  if (BUG(!server_mode(options))) {
@ -68,8 +70,9 @@ relay_address_new_suggestion(const tor_addr_t *suggested_addr,
  }

  /* Is the peer a trusted source? Ignore anything coming from non trusted
-   * source. In this case, we only look at trusted authorities. */
-  if (!router_addr_is_trusted_dir(peer_addr)) {
+   * source. In this case, we only look at trusted directory authorities. */
+  if (!router_addr_is_trusted_dir(peer_addr) ||
+      !router_digest_is_trusted_dir(identity_digest)) {
    return;
  }

--- a/src/feature/relay/relay_find_addr.h
+++ b/src/feature/relay/relay_find_addr.h
@ -16,7 +16,8 @@ void router_new_address_suggestion(const char *suggestion,
                                   const dir_connection_t *d_conn);

 void relay_address_new_suggestion(const tor_addr_t *suggested_addr,
-                                  const tor_addr_t *peer_addr);
+                                  const tor_addr_t *peer_addr,
+                                  const char *identity_digest);

 #ifdef RELAY_FIND_ADDR_PRIVATE