Forbid protocol version rollback.
When we know a node's ECDSA key, we only allow communication via the SPTPS protocol.
This commit is contained in:
Guus Sliepen
parent
fab2965d38
commit
e82bec6670
1 changed files with 11 additions and 5 deletions
|
|
@ -324,7 +324,7 @@ bool id_h(connection_t *c, const char *request) {
|
||||||
|
|
||||||
if(c->protocol_major != myself->connection->protocol_major) {
|
if(c->protocol_major != myself->connection->protocol_major) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) uses incompatible version %d.%d",
|
logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) uses incompatible version %d.%d",
|
||||||
c->name, c->hostname, c->protocol_major, c->protocol_minor);
|
c->name, c->hostname, c->protocol_major, c->protocol_minor);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -346,15 +346,21 @@ bool id_h(connection_t *c, const char *request) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(experimental && c->protocol_minor >= 2) {
|
if(experimental)
|
||||||
if(!read_ecdsa_public_key(c))
|
read_ecdsa_public_key(c);
|
||||||
return false;
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
if(c->protocol_minor && !ecdsa_active(c->ecdsa))
|
if(c->protocol_minor && !ecdsa_active(c->ecdsa))
|
||||||
c->protocol_minor = 1;
|
c->protocol_minor = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Forbid version rollback for nodes whose ECDSA key we know */
|
||||||
|
|
||||||
|
if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) tries to roll back protocol version to %d.%d",
|
||||||
|
c->name, c->hostname, c->protocol_major, c->protocol_minor);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
c->allow_request = METAKEY;
|
c->allow_request = METAKEY;
|
||||||
|
|
||||||
if(c->protocol_minor >= 2) {
|
if(c->protocol_minor >= 2) {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue