mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 06:13:31 +01:00
addr: Validate identity key when getting a suggestion
We do look at the address but with this we also look if the identity digest of the relay suggesting us an address is a trusted source. Related to #40022 Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
parent
15be1ff8ad
commit
9b2cadb492
@ -1934,7 +1934,8 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
|
||||
* we were unable to resolve it previously. The endpoint address is passed
|
||||
* in order to make sure to never consider an address that is the same as
|
||||
* our endpoint. */
|
||||
relay_address_new_suggestion(&my_apparent_addr, &chan->conn->real_addr);
|
||||
relay_address_new_suggestion(&my_apparent_addr, &chan->conn->real_addr,
|
||||
identity_digest);
|
||||
|
||||
if (! chan->conn->handshake_state->sent_netinfo) {
|
||||
/* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
|
||||
|
@ -55,12 +55,14 @@ router_guess_address_from_dir_headers(uint32_t *guess)
|
||||
* passes. */
|
||||
void
|
||||
relay_address_new_suggestion(const tor_addr_t *suggested_addr,
|
||||
const tor_addr_t *peer_addr)
|
||||
const tor_addr_t *peer_addr,
|
||||
const char *identity_digest)
|
||||
{
|
||||
const or_options_t *options = get_options();
|
||||
|
||||
tor_assert(suggested_addr);
|
||||
tor_assert(peer_addr);
|
||||
tor_assert(identity_digest);
|
||||
|
||||
/* This should never be called on a non Tor relay. */
|
||||
if (BUG(!server_mode(options))) {
|
||||
@ -68,8 +70,9 @@ relay_address_new_suggestion(const tor_addr_t *suggested_addr,
|
||||
}
|
||||
|
||||
/* Is the peer a trusted source? Ignore anything coming from non trusted
|
||||
* source. In this case, we only look at trusted authorities. */
|
||||
if (!router_addr_is_trusted_dir(peer_addr)) {
|
||||
* source. In this case, we only look at trusted directory authorities. */
|
||||
if (!router_addr_is_trusted_dir(peer_addr) ||
|
||||
!router_digest_is_trusted_dir(identity_digest)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -16,7 +16,8 @@ void router_new_address_suggestion(const char *suggestion,
|
||||
const dir_connection_t *d_conn);
|
||||
|
||||
void relay_address_new_suggestion(const tor_addr_t *suggested_addr,
|
||||
const tor_addr_t *peer_addr);
|
||||
const tor_addr_t *peer_addr,
|
||||
const char *identity_digest);
|
||||
|
||||
#ifdef RELAY_FIND_ADDR_PRIVATE
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user