authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-08-21 18:19:36 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-08-22 17:08:29 +0000
commitcae488dc9b71a21a0ab9608ef8a030d3a422a853 (patch)
treef025fd5f880eaf5a95276768404f8d2ef06f8eef
parentMerge pull request #5696 (diff)
p2p: reject incoming connections to self
-rw-r--r--src/p2p/net_node.inl11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
index 8c0cff7e2..590a024ed 100644
--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@@ -2227,6 +2227,15 @@ namespace nodetool
network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone());
+ // test only the remote end's zone, otherwise an attacker could connect to you on clearnet
+ // and pass in a tor connection's peer id, and deduce the two are the same if you reject it
+ if(arg.node_data.peer_id == zone.m_config.m_peer_id)
+ {
+ LOG_DEBUG_CC(context, "Connection to self detected, dropping connection");
+ drop_connection(context);
+ return 1;
+ }
+
if (zone.m_current_number_of_in_peers >= zone.m_config.m_net_config.max_in_connection_count) // in peers limit
{
LOG_WARNING_CC(context, "COMMAND_HANDSHAKE came, but already have max incoming connections, so dropping this one.");
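Review bot: The new comment explains why the comparison is limited to `zone.m_config.m_peer_id`, but it leaves unstated the assumption that makes this safe: each network zone must carry its own independently generated peer id, which is not visible in this hunk and should be confirmed. It is also worth recording that `arg.node_data.peer_id` is supplied by the remote and is not authenticated, so this test is loop prevention rather than an identity check, and any peer that sends this zone's id is dropped. I would extend the comment with something like `// peer_id is remote-supplied and unauthenticated; this only stops self-connections and assumes every zone has a distinct m_peer_id`. The enclosing handler starts and ends outside the hunk.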
@@ -2253,7 +2262,7 @@ namespace nodetool
context.m_in_timedsync = false;
context.m_rpc_port = arg.node_data.rpc_port;
- if(arg.node_data.peer_id != zone.m_config.m_peer_id && arg.node_data.my_port && zone.m_can_pingback)
+ if(arg.node_data.my_port && zone.m_can_pingback)
{
peerid_type peer_id_l = arg.node_data.peer_id;
uint32_t port_l = arg.node_data.my_port;