Likely fix for invalid MAC problem.

Adam Ierymenko 2022-04-14 20:10:20 -04:00
parent cf03996bf2
commit 4389b9feff
2 changed files with 9 additions and 5 deletions


@ -47,14 +47,13 @@ bool IncomingPacket::tryDecode(const RuntimeEnvironment *RR,void *tPtr,int32_t f
try { try {
// Check for trusted paths or unencrypted HELLOs (HELLO is the only packet sent in the clear) // Check for trusted paths or unencrypted HELLOs (HELLO is the only packet sent in the clear)
const unsigned int c = cipher(); const unsigned int c = cipher();
bool trusted = false;
if (c == ZT_PROTO_CIPHER_SUITE__NO_CRYPTO_TRUSTED_PATH) { if (c == ZT_PROTO_CIPHER_SUITE__NO_CRYPTO_TRUSTED_PATH) {
// If this is marked as a packet via a trusted path, check source address and path ID. // If this is marked as a packet via a trusted path, check source address and path ID.
// Obviously if no trusted paths are configured this always returns false and such // Obviously if no trusted paths are configured this always returns false and such
// packets are dropped on the floor. // packets are dropped on the floor.
const uint64_t tpid = trustedPathId(); const uint64_t tpid = trustedPathId();
if (RR->topology->shouldInboundPathBeTrusted(_path->address(),tpid)) { if (RR->topology->shouldInboundPathBeTrusted(_path->address(),tpid)) {
trusted = true; _authenticated = true;
} else { } else {
RR->t->incomingPacketMessageAuthenticationFailure(tPtr,_path,packetId(),sourceAddress,hops(),"path not trusted"); RR->t->incomingPacketMessageAuthenticationFailure(tPtr,_path,packetId(),sourceAddress,hops(),"path not trusted");
return true; return true;
@ -66,7 +65,7 @@ bool IncomingPacket::tryDecode(const RuntimeEnvironment *RR,void *tPtr,int32_t f
const SharedPtr<Peer> peer(RR->topology->getPeer(tPtr,sourceAddress)); const SharedPtr<Peer> peer(RR->topology->getPeer(tPtr,sourceAddress));
if (peer) { if (peer) {
if (!trusted) { if (!_authenticated) {
if (!dearmor(peer->key(), peer->aesKeys())) { if (!dearmor(peer->key(), peer->aesKeys())) {
RR->t->incomingPacketMessageAuthenticationFailure(tPtr,_path,packetId(),sourceAddress,hops(),"invalid MAC"); RR->t->incomingPacketMessageAuthenticationFailure(tPtr,_path,packetId(),sourceAddress,hops(),"invalid MAC");
peer->recordIncomingInvalidPacket(_path); peer->recordIncomingInvalidPacket(_path);
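Review bot: The visible hunks set `_authenticated` only on the trusted-path branch (`_authenticated = true;` where the local `trusted` used to be), so the member flag can only stop a repeated `dearmor()` if it is also set to true once `dearmor(peer->key(), peer->aesKeys())` succeeds; that point lies below the second hunk, outside what is shown, so confirm the assignment is present — without it a packet that is decoded a second time would presumably be dearmored in place again and fail with the same "invalid MAC" the title refers to. `tryDecode` begins before the first hunk and continues past the second. A short comment at the trusted-path assignment would make the intent of the member visible at the point of use, e.g. `// remembered on the packet so a later re-decode does not try to dearmor it again`.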


@ -51,7 +51,9 @@ class IncomingPacket : public Packet
public: public:
IncomingPacket() : IncomingPacket() :
Packet(), Packet(),
_receiveTime(0) _receiveTime(0),
_path(),
_authenticated(false)
{ {
} }
@ -67,7 +69,8 @@ public:
IncomingPacket(const void *data,unsigned int len,const SharedPtr<Path> &path,int64_t now) : IncomingPacket(const void *data,unsigned int len,const SharedPtr<Path> &path,int64_t now) :
Packet(data,len), Packet(data,len),
_receiveTime(now), _receiveTime(now),
_path(path) _path(path),
_authenticated(false)
{ {
} }
@ -85,6 +88,7 @@ public:
copyFrom(data,len); copyFrom(data,len);
_receiveTime = now; _receiveTime = now;
_path = path; _path = path;
_authenticated = false;
} }
/** /**
@ -134,6 +138,7 @@ private:
uint64_t _receiveTime; uint64_t _receiveTime;
SharedPtr<Path> _path; SharedPtr<Path> _path;
bool _authenticated;
}; };
} // namespace ZeroTier } // namespace ZeroTier
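Review bot: The new `bool _authenticated;` member carries no comment, yet it changes what `tryDecode()` does when called again on the same object, so its meaning belongs in the header next to the declaration. From the .cpp hunks it is set when the packet arrived over a trusted path (and presumably once the MAC check passes, though that part is not shown), and the constructors and `init()` reset it to false so a reused object never inherits the flag. Suggest `bool _authenticated; // true once MAC verified or trusted path accepted; tryDecode() must not dearmor again` — and since a trusted-path packet is marked authenticated with no MAC check at all, the comment should say the flag is broader than "MAC verified".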