authorJason A. Donenfeld <Jason@zx2c4.com>2019-08-05 16:57:41 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2019-08-05 16:57:41 +0200
commit4e3018a96725345d3b486ceb36dc143eb1b645c7 (patch)
treea82102a8479aa48e8ec89511c94b73591eda1025
parentb4010123f74470eeca0551a151dea3e7a7381bcc (diff)
uapi: skip peers with invalid keys
-rw-r--r--device/peer.go13
-rw-r--r--device/uapi.go7
2 files changed, 16 insertions, 4 deletions
diff --git a/device/peer.go b/device/peer.go
index 256e4f5..91d975a 100644
--- a/device/peer.go
+++ b/device/peer.go
@@ -68,7 +68,6 @@ type Peer struct {
}
func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error) {
-
if device.isClosed.Get() {
return nil, errors.New("device closed")
}
@@ -103,20 +102,28 @@ func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error) {
if ok {
return nil, errors.New("adding existing peer")
}
- device.peers.keyMap[pk] = peer
// pre-compute DH
handshake := &peer.handshake
handshake.mutex.Lock()
- handshake.remoteStatic = pk
handshake.precomputedStaticStatic = device.staticIdentity.privateKey.sharedSecret(pk)
+ ssIsZero := isZero(handshake.precomputedStaticStatic[:])
+ handshake.remoteStatic = pk
handshake.mutex.Unlock()
// reset endpoint
peer.endpoint = nil
+ // conditionally add
+
+ if !ssIsZero {
+ device.peers.keyMap[pk] = peer
+ } else {
+ return nil, nil
+ }
+
// start peer
if peer.device.isUp.Get() {
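Review bot: The new `return nil, nil` under `// conditionally add` makes a nil `*Peer` with a nil error a normal result of NewPeer, and nothing on the function says so; a caller that checks only `err` would go on to dereference nil. Either document it on the function, e.g. `// NewPeer returns (nil, nil) if the precomputed static-static secret for pk is all zero; the peer is not added.`, or return a sentinel error that callers can match. The branch also reads more directly as a guard, `if ssIsZero { return nil, nil }`, followed by the `keyMap` assignment. NewPeer starts and ends outside this hunk, so whether a lock on `device.peers` is released correctly on this early return cannot be checked from here.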
diff --git a/device/uapi.go b/device/uapi.go
index 99cb421..efa757b 100644
--- a/device/uapi.go
+++ b/device/uapi.go
@@ -243,7 +243,12 @@ func (device *Device) IpcSetOperation(socket *bufio.Reader) *IPCError {
logError.Println("Failed to create new peer:", err)
return &IPCError{ipc.IpcErrorInvalid}
}
- logDebug.Println(peer, "- UAPI: Created")
+ if peer == nil {
+ dummy = true
+ peer = &Peer{}
+ } else {
+ logDebug.Println(peer, "- UAPI: Created")
+ }
}
case "remove":
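Review bot: The `peer == nil` branch skips the peer without any log line, so an operator whose configuration names a key that yields a zero shared secret sees a successful set operation and no trace of the skip; a line such as `logDebug.Println("UAPI: Skipping peer with invalid public key")` in that branch would make it visible. The placeholder `peer = &Peer{}` is only safe if every later per-peer key handled in IpcSetOperation checks `dummy` before touching peer fields, since a zero-value Peer has a nil `device` pointer. Those cases lie outside this hunk, so this needs confirming against the full function.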