From aabcffae560d5fd00cd1d2ffce5d760353cf0a4d Mon Sep 17 00:00:00 2001
From: Tomasz Sterna <tomek@xiaoka.com>
Date: Mon, 6 Aug 2012 20:41:23 +0200
Subject: [PATCH] Fixed possibility of Unsolicited Dialback Attacks
---
s2s/out.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/s2s/out.c b/s2s/out.c
index 0ed9b30..7b9f44f 100644
--- a/s2s/out.c
+++ b/s2s/out.c
@@ -1661,7 +1661,7 @@ static void _out_result(conn_t out, nad_t nad) {
rkeylen = strlen(rkey);
/* key is valid */
- if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0) {
+ if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0 && xhash_get(out->states, rkey) == (void*) conn_INPROGRESS) {
log_write(out->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] outgoing route '%s' is now valid%s%s", out->fd->fd, out->ip, out->port, rkey, (out->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", out->s->compressed ? ", ZLIB compression enabled" : "");
xhash_put(out->states, pstrdup(xhash_pool(out->states), rkey), (void *) conn_VALID); /* !!! small leak here */
@@ -1749,7 +1749,7 @@ static void _out_verify(conn_t out, nad_t nad) {
rkey = s2s_route_key(NULL, to->domain, from->domain);
attr = nad_find_attr(nad, 0, -1, "type", "valid");
- if(attr >= 0) {
+ if(attr >= 0 && xhash_get(in->states, rkey) == (void*) conn_INPROGRESS) {
xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID);
log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] incoming route '%s' is now valid%s%s", in->fd->fd, in->ip, in->port, rkey, (in->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", in->s->compressed ? ", ZLIB compression enabled" : "");
valid = 1;
--
1.7.10
distrib
>
Fedora
>
17
>
x86_64
>
media
>
updates-src
>
by-pkgid
>
c59237d48e6bd6d68478346f799e0312
>
files
>
1
