author | luigi1111 <luigi1111w@gmail.com> | 2019-09-08 19:48:09 -0500 |
---|---|---|
committer | luigi1111 <luigi1111w@gmail.com> | 2019-09-08 19:48:09 -0500 |
commit | 86938725ae6c8097ecc1e7ea2032d9143f3f84c7 (patch) | |
tree | 89aaa4a182de91b6b7c36cfd04aff106bce3f5d0 /src/p2p/net_node.inl | |
parent | Merge pull request #5840 (diff) | |
parent | p2p: reject incoming connections to self (diff) | |
Merge pull request #5841
cae488d p2p: reject incoming connections to self (moneromooo-monero)
Diffstat (limited to 'src/p2p/net_node.inl')
-rw-r--r-- | src/p2p/net_node.inl | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
index 56abb421f..97a18b519 100644
--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@@ -2318,6 +2318,15 @@ namespace nodetool
 network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone());
+ // test only the remote end's zone, otherwise an attacker could connect to you on clearnet
+ // and pass in a tor connection's peer id, and deduce the two are the same if you reject it
+ if(arg.node_data.peer_id == zone.m_config.m_peer_id)
+ {
+ LOG_DEBUG_CC(context, "Connection to self detected, dropping connection");
+ drop_connection(context);
+ return 1;
+ }
+
 if (zone.m_current_number_of_in_peers >= zone.m_config.m_net_config.max_in_connection_count) // in peers limit
 {
 LOG_WARNING_CC(context, "COMMAND_HANDSHAKE came, but already have max incoming connections, so dropping this one.");
@@ -2344,7 +2353,7 @@ namespace nodetool
 context.m_in_timedsync = false;
 context.m_rpc_port = arg.node_data.rpc_port;
- if(arg.node_data.peer_id != zone.m_config.m_peer_id && arg.node_data.my_port && zone.m_can_pingback)
+ if(arg.node_data.my_port && zone.m_can_pingback)
 {
 peerid_type peer_id_l = arg.node_data.peer_id;
 uint32_t port_l = arg.node_data.my_port; |
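Review bot: The log text "Connection to self detected" in the added block states more than the check can know, because `arg.node_data.peer_id` is a value the remote side supplies in its handshake; a peer that merely presents this zone's id lands in the same branch. Wording it as a claim, e.g. `LOG_DEBUG_CC(context, "Handshake presented our own peer id for this zone, dropping connection");`, keeps someone triaging logs from reading it as proof of a loopback connection. The existing comment explains the zone scoping well; one more line noting that the drop is still an observable answer for ids within the same zone would record that this was accepted deliberately (presumably because the id is already shared with peers in that zone, which is worth confirming). The handler's body starts and ends outside the hunk.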
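Review bot: The pingback condition now relies on the early return added near line 2318 to avoid dialing back a handshake that carried this node's own peer id, and nothing at this site records that dependency. A one-line comment above the condition, such as `// a handshake carrying our own peer_id was already dropped at the top of this handler`, would keep the two sites from drifting apart if the early check is later moved or made conditional. The lines between the two hunks are not visible here, so it is worth confirming that no path reaches this point with a `zone` other than the one tested above. The enclosing function starts and ends outside the hunk.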