proper PONG validation

diff --git a/src/transport/gnunet-service-transport.c b/src/transport/gnunet-service-transport.c
index c2ca8bdb7c605cc232c6a5ce46d3607407d4dda5..d05e8882443291a9c3c0ebca959d7bbad479bb2a 100644 (file)
--- a/src/transport/gnunet-service-transport.c
+++ b/src/transport/gnunet-service-transport.c
@@ -23,6 +23,15 @@
  * @brief low-level P2P messaging
  * @author Christian Grothoff
  *
+ * TODO:
+ * - Need to validate *inbound* bi-directional transports (i.e., TCP)
+ *   using PING-PONG and then SIGNAL 'connected' to core/etc.!
+ *   (currently we neither validate those nor do we signal the
+ *    connection); only after those, we should transmit data
+ *   (we currently send and receive arbitrary data on inbound TCP 
+ *    connections even if they have not been validated and hand it
+ *    to our clients!)
+ *
  * NOTE:
  * - This code uses 'GNUNET_a2s' for debug printing in many places,
  *   which is technically wrong since it assumes we have IP+Port 
@@ -2341,6 +2350,15 @@ check_pending_validation (void *cls,
 
   if (ve->challenge != challenge)
     return GNUNET_YES;
+  if (GNUNET_OK !=
+      GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PING,
+                               &pong->purpose, 
+                               &pong->signature,
+                               &ve->publicKey))
+    {
+      GNUNET_break_op (0);
+      return GNUNET_YES;
+    }
 
 #if DEBUG_TRANSPORT
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -2392,8 +2410,8 @@ check_pending_validation (void *cls,
       n->distance = fal->distance;
       if (GNUNET_NO == n->received_pong)
        {
-         notify_clients_connect (&target, n->latency, n->distance);
          n->received_pong = GNUNET_YES;
+         notify_clients_connect (&target, n->latency, n->distance);
        }
       if (n->retry_task != GNUNET_SCHEDULER_NO_TASK)
        {
@@ -2989,7 +3007,7 @@ handle_ping(void *cls, const struct GNUNET_MessageHeader *message,
     htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
            sizeof (uint32_t) +
            sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded) + sender_address_len);
-  pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_TCP_PING);
+  pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PING);
   pong->challenge = ping->challenge;
   pong->addrlen = htons(sender_address_len);
   memcpy(&pong->signer, 
@@ -3163,10 +3181,10 @@ plugin_env_receive (void *cls, const struct GNUNET_PeerIdentity *peer,
          process_hello (plugin, message);
          break;
        case GNUNET_MESSAGE_TYPE_TRANSPORT_PING:
-         handle_ping(plugin, message, peer, sender_address, sender_address_len);
+         handle_ping (plugin, message, peer, sender_address, sender_address_len);
          break;
        case GNUNET_MESSAGE_TYPE_TRANSPORT_PONG:
-         handle_pong(plugin, message, peer, sender_address, sender_address_len);
+         handle_pong (plugin, message, peer, sender_address, sender_address_len);
          break;
        default:
 #if DEBUG_TRANSPORT

diff --git a/src/transport/transport_api.c b/src/transport/transport_api.c
index ef2538baf9b6125a6b8256b74175b9e237fb9b94..c7e7114725c56cd0ba2a3efe19c46685f5ecb2a9 100644 (file)
--- a/src/transport/transport_api.c
+++ b/src/transport/transport_api.c
@@ -1577,9 +1577,15 @@ demultiplexer (void *cls, const struct GNUNET_MessageHeader *msg)
 #endif      
       n = neighbour_find (h, &im->peer);
       if (n == NULL)
-       n = neighbour_add (h, &im->peer);
-      if (n == NULL) 
-       break;
+       {
+         GNUNET_break (0);
+         break;
+       }
+      if (n->is_connected != GNUNET_YES)
+       {
+         GNUNET_break (0);
+         break;
+       }
       if (h->rec != NULL)
        h->rec (h->cls, &im->peer, imm,
                GNUNET_TIME_relative_ntoh (im->latency), ntohs(im->distance));