p2p: reject incoming connections to self

moneromooo-monero 2019-08-21 18:19:36 +00:00
parent c9df9d683a
commit cae488dc9b
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3


@ -2227,6 +2227,15 @@ namespace nodetool
network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone()); network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone());
// test only the remote end's zone, otherwise an attacker could connect to you on clearnet
// and pass in a tor connection's peer id, and deduce the two are the same if you reject it
if(arg.node_data.peer_id == zone.m_config.m_peer_id)
{
LOG_DEBUG_CC(context, "Connection to self detected, dropping connection");
drop_connection(context);
return 1;
}
if (zone.m_current_number_of_in_peers >= zone.m_config.m_net_config.max_in_connection_count) // in peers limit if (zone.m_current_number_of_in_peers >= zone.m_config.m_net_config.max_in_connection_count) // in peers limit
{ {
LOG_WARNING_CC(context, "COMMAND_HANDSHAKE came, but already have max incoming connections, so dropping this one."); LOG_WARNING_CC(context, "COMMAND_HANDSHAKE came, but already have max incoming connections, so dropping this one.");
@ -2253,7 +2262,7 @@ namespace nodetool
context.m_in_timedsync = false; context.m_in_timedsync = false;
context.m_rpc_port = arg.node_data.rpc_port; context.m_rpc_port = arg.node_data.rpc_port;
if(arg.node_data.peer_id != zone.m_config.m_peer_id && arg.node_data.my_port && zone.m_can_pingback) if(arg.node_data.my_port && zone.m_can_pingback)
{ {
peerid_type peer_id_l = arg.node_data.peer_id; peerid_type peer_id_l = arg.node_data.peer_id;
uint32_t port_l = arg.node_data.my_port; uint32_t port_l = arg.node_data.my_port;
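Review bot: The ping-back condition in the second hunk no longer tests `arg.node_data.peer_id != zone.m_config.m_peer_id`, so it now relies entirely on the early `return 1` added in the first hunk to keep a handshake carrying our own peer id away from the ping-back path. Nothing at `if(arg.node_data.my_port && zone.m_can_pingback)` records that dependency, so a later reordering of the handler could silently re-enable ping-back for self connections; a comment such as `// a handshake carrying our own peer_id was already dropped above` would pin it. The new drop is also observable by the remote end, so within one zone it presumably confirms that a supplied peer id belongs to this node; the added comment covers only the cross-zone case, and it would help to state that same-zone confirmation is an accepted trade-off. Both hunks appear to belong to the same handshake handler, whose start and end lie outside the visible lines.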