Skip to content
This repository
Browse code

Fixed possibility of Unsolicited Dialback Attacks

  • Loading branch information...
commit aabcffae560d5fd00cd1d2ffce5d760353cf0a4d 1 parent 0b1d913
Tomasz Sterna authored August 06, 2012

Showing 1 changed file with 2 additions and 2 deletions. Show diff stats Hide diff stats

  1. 4  s2s/out.c
4  s2s/out.c
@@ -1661,7 +1661,7 @@ static void _out_result(conn_t out, nad_t nad) {
1661 1661
     rkeylen = strlen(rkey);
1662 1662
 
1663 1663
     /* key is valid */
1664  
-    if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0) {
  1664
+    if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0 && xhash_get(out->states, rkey) == (void*) conn_INPROGRESS) {
1665 1665
         log_write(out->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] outgoing route '%s' is now valid%s%s", out->fd->fd, out->ip, out->port, rkey, (out->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", out->s->compressed ? ", ZLIB compression enabled" : "");
1666 1666
 
1667 1667
         xhash_put(out->states, pstrdup(xhash_pool(out->states), rkey), (void *) conn_VALID);    /* !!! small leak here */
@@ -1749,7 +1749,7 @@ static void _out_verify(conn_t out, nad_t nad) {
1749 1749
     rkey = s2s_route_key(NULL, to->domain, from->domain);
1750 1750
 
1751 1751
     attr = nad_find_attr(nad, 0, -1, "type", "valid");
1752  
-    if(attr >= 0) {
  1752
+    if(attr >= 0 && xhash_get(in->states, rkey) == (void*) conn_INPROGRESS) {
1753 1753
         xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID);
1754 1754
         log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] incoming route '%s' is now valid%s%s", in->fd->fd, in->ip, in->port, rkey, (in->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", in->s->compressed ? ", ZLIB compression enabled" : "");
1755 1755
         valid = 1;

0 notes on commit aabcffa

Please sign in to comment.
Something went wrong with that request. Please try again.