aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAaron Hook <ahook@protonmail.com>2020-03-07 17:38:22 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2020-03-07 18:12:59 +0000
commit7b9017f67140c3fd136502e8cff6bd44d15996c0 (patch)
tree21d8263d14b946b711ac42e46e3eef7b3e5a4f77
parentMerge pull request #6248 (diff)
downloadmonero-7b9017f67140c3fd136502e8cff6bd44d15996c0.tar.xz
p2p: plug tor to clearnet association vector
During the handshake for an incoming connection, the peer id is checked against the local node's peer id only for the specific zone of the incoming peer, in order to avoid linking public addresses to tor addresses: https://github.com/monero-project/monero/blob/5d7ae2d2791c0244a221872a7ac62627abb81896/src/p2p/net_node.inl#L2343 However, on handshakes for outgoing connections, all zones are checked: https://github.com/monero-project/monero/blob/5d7ae2d2791c0244a221872a7ac62627abb81896/src/p2p/net_node.inl#L1064 If an attacker wanted to link a specific tor node to a public node, they could potentially connect to as many public nodes as possible, get themselves added to the peer whitelist, maybe stuff some more attacker-owned addresses into the greylist, then disconnect, and for any future incoming connections, respond with the tor node's id in an attempt to link the public/tor addresses.
-rw-r--r--src/p2p/net_node.inl14
1 files changed, 6 insertions, 8 deletions
diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
index 217cadc30..d9035fc22 100644
--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@@ -1060,17 +1060,15 @@ namespace nodetool
pi = context.peer_id = rsp.node_data.peer_id;
context.m_rpc_port = rsp.node_data.rpc_port;
context.m_rpc_credits_per_hash = rsp.node_data.rpc_credits_per_hash;
- m_network_zones.at(context.m_remote_address.get_zone()).m_peerlist.set_peer_just_seen(rsp.node_data.peer_id, context.m_remote_address, context.m_pruning_seed, context.m_rpc_port, context.m_rpc_credits_per_hash);
+ network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone());
+ zone.m_peerlist.set_peer_just_seen(rsp.node_data.peer_id, context.m_remote_address, context.m_pruning_seed, context.m_rpc_port, context.m_rpc_credits_per_hash);
// move
- for (auto const& zone : m_network_zones)
+ if(rsp.node_data.peer_id == zone.m_config.m_peer_id)
{
- if(rsp.node_data.peer_id == zone.second.m_config.m_peer_id)
- {
- LOG_DEBUG_CC(context, "Connection to self detected, dropping connection");
- hsh_result = false;
- return;
- }
+ LOG_DEBUG_CC(context, "Connection to self detected, dropping connection");
+ hsh_result = false;
+ return;
}
LOG_INFO_CC(context, "New connection handshaked, pruning seed " << epee::string_tools::to_string_hex(context.m_pruning_seed));
LOG_DEBUG_CC(context, " COMMAND_HANDSHAKE INVOKED OK");