Merge pull request #5841

cae488d p2p: reject incoming connections to self (moneromooo-monero)
This commit is contained in:
luigi1111 2019-09-08 19:48:09 -05:00
commit 86938725ae
No known key found for this signature in database
GPG key ID: F4ACA0183641E010

View file

@ -2318,6 +2318,15 @@ namespace nodetool
network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone()); network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone());
// test only the remote end's zone, otherwise an attacker could connect to you on clearnet
// and pass in a tor connection's peer id, and deduce the two are the same if you reject it
if(arg.node_data.peer_id == zone.m_config.m_peer_id)
{
LOG_DEBUG_CC(context, "Connection to self detected, dropping connection");
drop_connection(context);
return 1;
}
if (zone.m_current_number_of_in_peers >= zone.m_config.m_net_config.max_in_connection_count) // in peers limit if (zone.m_current_number_of_in_peers >= zone.m_config.m_net_config.max_in_connection_count) // in peers limit
{ {
LOG_WARNING_CC(context, "COMMAND_HANDSHAKE came, but already have max incoming connections, so dropping this one."); LOG_WARNING_CC(context, "COMMAND_HANDSHAKE came, but already have max incoming connections, so dropping this one.");
@ -2344,7 +2353,7 @@ namespace nodetool
context.m_in_timedsync = false; context.m_in_timedsync = false;
context.m_rpc_port = arg.node_data.rpc_port; context.m_rpc_port = arg.node_data.rpc_port;
if(arg.node_data.peer_id != zone.m_config.m_peer_id && arg.node_data.my_port && zone.m_can_pingback) if(arg.node_data.my_port && zone.m_can_pingback)
{ {
peerid_type peer_id_l = arg.node_data.peer_id; peerid_type peer_id_l = arg.node_data.peer_id;
uint32_t port_l = arg.node_data.my_port; uint32_t port_l = arg.node_data.my_port;