author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-05 16:57:41 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-05 16:57:41 +0200 |
commit | 4e3018a96725345d3b486ceb36dc143eb1b645c7 (patch) | |
tree | a82102a8479aa48e8ec89511c94b73591eda1025 | |
parent | b4010123f74470eeca0551a151dea3e7a7381bcc (diff) |
uapi: skip peers with invalid keys
-rw-r--r-- | device/peer.go | 13 | ||||
-rw-r--r-- | device/uapi.go | 7 |
2 files changed, 16 insertions, 4 deletions
diff --git a/device/peer.go b/device/peer.go index 256e4f5..91d975a 100644 --- a/device/peer.go +++ b/device/peer.go @@ -68,7 +68,6 @@ type Peer struct { } func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error) { - if device.isClosed.Get() { return nil, errors.New("device closed") } @@ -103,20 +102,28 @@ func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error) { if ok { return nil, errors.New("adding existing peer") } - device.peers.keyMap[pk] = peer // pre-compute DH handshake := &peer.handshake handshake.mutex.Lock() - handshake.remoteStatic = pk handshake.precomputedStaticStatic = device.staticIdentity.privateKey.sharedSecret(pk) + ssIsZero := isZero(handshake.precomputedStaticStatic[:]) + handshake.remoteStatic = pk handshake.mutex.Unlock() // reset endpoint peer.endpoint = nil + // conditionally add + + if !ssIsZero { + device.peers.keyMap[pk] = peer + } else { + return nil, nil + } + // start peer if peer.device.isUp.Get() { diff --git a/device/uapi.go b/device/uapi.go index 99cb421..efa757b 100644 --- a/device/uapi.go +++ b/device/uapi.go @@ -243,7 +243,12 @@ func (device *Device) IpcSetOperation(socket *bufio.Reader) *IPCError { logError.Println("Failed to create new peer:", err) return &IPCError{ipc.IpcErrorInvalid} } - logDebug.Println(peer, "- UAPI: Created") + if peer == nil { + dummy = true + peer = &Peer{} + } else { + logDebug.Println(peer, "- UAPI: Created") + } } case "remove": |
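Review bot: In the second device/peer.go hunk, `NewPeer` signals a rejected key with `return nil, nil`, so every caller needs a nil-peer check on top of the error check, and neither the signature nor a comment says so. The zero test on `precomputedStaticStatic` is what keeps a public key that yields an all-zero shared secret out of `keyMap`, so the contract deserves a doc comment on the function, for example `// NewPeer returns (nil, nil) when pk produces an all-zero static-static secret; callers must check the returned peer for nil.` The `if !ssIsZero { … } else { return nil, nil }` form would read better as a guard clause, `if ssIsZero { return nil, nil }`, followed by the unconditional map insert. The function body starts and ends outside the hunk, so whether callers other than the UAPI one exist and handle a nil peer cannot be confirmed from here.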
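Review bot: The new `peer == nil` branch in `IpcSetOperation` skips the peer without writing any log line, so an operator whose configuration contains a rejected public key sees the set operation proceed with no trace of the dropped peer. Logging the skip, for example `logError.Println("UAPI: ignoring peer with invalid public key")` before `dummy = true`, gives that event a record. The placeholder `peer = &Peer{}` is a zero-value struct, so the per-peer keys that follow are safe only if each of them checks `dummy` before touching the peer; those branches lie outside this hunk and should be confirmed.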