forked from I2P_Developers/i2p.i2p
Router: Validate family sig at startup
when loaded from router.info, and discard if invalid or when family changed. This fixes some routers out there with bad sigs. Don't loop forever through LoadRouterInfoJob.
This commit is contained in:
zzz
@@ -104,11 +104,32 @@ class LoadRouterInfoJob extends JobImpl {
|
||||
if (_log.shouldLog(Log.DEBUG))
|
||||
_log.debug("Reading in routerInfo from " + rif.getAbsolutePath() + " and it has " + info.getAddresses().size() + " addresses");
|
||||
// don't reuse if family name changed
|
||||
if (DataHelper.eq(info.getOption(FamilyKeyCrypto.OPT_NAME),
|
||||
getContext().getProperty(FamilyKeyCrypto.PROP_FAMILY_NAME))) {
|
||||
String oldFamily = info.getOption(FamilyKeyCrypto.OPT_NAME);
|
||||
if (oldFamily == null) {
|
||||
_us = info;
|
||||
} else if (oldFamily.equals(getContext().getProperty(FamilyKeyCrypto.PROP_FAMILY_NAME))) {
|
||||
// This keeps the signature the same across restarts,
|
||||
// which is good because ECDSA creates a different signature each time,
|
||||
// but in some situations such as leaving and re-joining or recreating a family,
|
||||
// or copying router.info to a new router,
|
||||
// could lead to a bad signature being perpetuated forever.
|
||||
// Here we ignore and delete router.info if the sig is invalid.
|
||||
FamilyKeyCrypto fkc = getContext().router().getFamilyKeyCrypto();
|
||||
if (fkc != null && fkc.verifyOurFamily(info)) {
|
||||
_us = info;
|
||||
} else {
|
||||
_log.logAlways(Log.WARN, "NetDb family keys are invalid");
|
||||
// close and delete so we don't infinite loop
|
||||
try { fis1.close(); } catch (IOException ioe2) {}
|
||||
fis1 = null;
|
||||
rif.delete();
|
||||
}
|
||||
} else {
|
||||
_log.logAlways(Log.WARN, "NetDb family name changed");
|
||||
// close and delete so we don't infinite loop
|
||||
try { fis1.close(); } catch (IOException ioe2) {}
|
||||
fis1 = null;
|
||||
rif.delete();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user