Mirrors/i2pd
2
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-08-26 10:10:24 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

don't verify signature for close and reset packets if came from ECIESx25519 session
Some checks are pending
Build Debian packages / bookworm (push) Waiting to run
Details
Build Debian packages / bullseye (push) Waiting to run
Details
Build Debian packages / trixie (push) Waiting to run
Details
Build on FreeBSD / with UPnP (push) Waiting to run
Details
Build on OSX / With USE_UPNP=no (push) Waiting to run
Details
Build on OSX / With USE_UPNP=yes (push) Waiting to run
Details
Build on Windows / clang-x86_64 (push) Waiting to run
Details
Build on Windows / i686 (push) Waiting to run
Details
Build on Windows / ucrt-x86_64 (push) Waiting to run
Details
Build on Windows / x86_64 (push) Waiting to run
Details
Build on Windows / CMake clang-x86_64 (push) Waiting to run
Details
Build on Windows / CMake i686 (push) Waiting to run
Details
Build on Windows / CMake ucrt-x86_64 (push) Waiting to run
Details
Build on Windows / CMake x86_64 (push) Waiting to run
Details
Build on Windows / XP (push) Waiting to run
Details
Build on Ubuntu / Make with USE_UPNP=no (push) Waiting to run
Details
Build on Ubuntu / Make with USE_UPNP=yes (push) Waiting to run
Details
Build on Ubuntu / CMake with -DWITH_UPNP=OFF (push) Waiting to run
Details
Build on Ubuntu / CMake with -DWITH_UPNP=ON (push) Waiting to run
Details
Build containers / Building container for linux/amd64 (push) Waiting to run
Details
Build containers / Building container for linux/arm64 (push) Waiting to run
Details
Build containers / Building container for linux/arm/v7 (push) Waiting to run
Details
Build containers / Building container for linux/386 (push) Waiting to run
Details
Build containers / Pushing merged manifest (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
orignal 2025-08-06 10:50:10 -04:00
parent f5b57283b3
commit aca5f35fa0
1 changed files with 31 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

34
libi2pd/Streaming.cpp
View file

@ -461,9 +461,10 @@ namespace stream
optionData += 2; optionData += 2;
} }
bool sessionVerified = false; bool verified = true;
if (flags & PACKET_FLAG_FROM_INCLUDED) if (flags & PACKET_FLAG_FROM_INCLUDED)
{ {
verified = false;
if (m_RemoteLeaseSet) m_RemoteIdentity = m_RemoteLeaseSet->GetIdentity (); if (m_RemoteLeaseSet) m_RemoteIdentity = m_RemoteLeaseSet->GetIdentity ();
if (!m_RemoteIdentity) if (!m_RemoteIdentity)
m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, optionSize); m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, optionSize);
@ -490,7 +491,7 @@ namespace stream
m_RemoteIdentity->GetIdentHash ().ToBase32 ()); m_RemoteIdentity->GetIdentHash ().ToBase32 ());
return false; return false;
} }
sessionVerified = true; verified = true;
if (!(flags & PACKET_FLAG_SIGNATURE_INCLUDED)) if (!(flags & PACKET_FLAG_SIGNATURE_INCLUDED))
m_DontSign = true; // don't sign if the remote didn't sign m_DontSign = true; // don't sign if the remote didn't sign
} }
@ -503,6 +504,27 @@ namespace stream
optionData += 2; optionData += 2;
} }
if (flags & (PACKET_FLAG_CLOSE | PACKET_FLAG_RESET))
{
verified = false;
if (packet->from && !m_RemoteLeaseSet && m_RemoteIdentity)
m_RemoteLeaseSet = m_LocalDestination.GetOwner ()->FindLeaseSet (m_RemoteIdentity->GetIdentHash ());
if (m_RemoteLeaseSet)
{
uint8_t staticKey[32];
m_RemoteLeaseSet->Encrypt (nullptr, staticKey);
if (memcmp (packet->from->GetRemoteStaticKey (), staticKey, 32))
{
LogPrint (eLogError, "Streaming: Remote LeaseSet static key mismatch for stream from ",
m_RemoteIdentity->GetIdentHash ().ToBase32 ());
return false;
}
verified = true;
}
else // invalid stream, safe to close
verified = true;
}
if (flags & PACKET_FLAG_OFFLINE_SIGNATURE) if (flags & PACKET_FLAG_OFFLINE_SIGNATURE)
{ {
if (!m_RemoteIdentity) if (!m_RemoteIdentity)
@ -510,7 +532,7 @@ namespace stream
LogPrint (eLogInfo, "Streaming: offline signature without identity"); LogPrint (eLogInfo, "Streaming: offline signature without identity");
return false; return false;
} }
if (sessionVerified) if (verified)
{ {
// skip offline signature // skip offline signature
optionData += 4; // timestamp optionData += 4; // timestamp
@ -558,7 +580,6 @@ namespace stream
LogPrint (eLogError, "Streaming: Signature too big, ", signatureLen, " bytes"); LogPrint (eLogError, "Streaming: Signature too big, ", signatureLen, " bytes");
return false; return false;
} }
bool verified = sessionVerified;
if (!verified) // packet was not verified through session if (!verified) // packet was not verified through session
{ {
// verify actual signature // verify actual signature
@ -593,6 +614,11 @@ namespace stream
return false; return false;
} }
} }
if (!verified)
{
LogPrint (eLogError, "Streaming: Missing signature, sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);
return false;
}
if (immediateAckRequested) if (immediateAckRequested)
SendQuickAck (); SendQuickAck ();
return true; return true;