mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2025-01-04 20:24:12 +00:00
mutable: verify incoming share signatures during Publish, it's not that expensive and it's a good idea
parent
a4606d6560
commit
30a91c84c8
@ -745,11 +745,13 @@ class Publish:
|
|||||||
(seqnum, root_hash, IV, k, N, segsize, datalen,
|
(seqnum, root_hash, IV, k, N, segsize, datalen,
|
||||||
pubkey_s, signature, prefix) = r
|
pubkey_s, signature, prefix) = r
|
||||||
|
|
||||||
# TODO: consider verifying the signature here. It's expensive.
|
# self._pubkey is present because we require read-before-replace
|
||||||
# What can an attacker (in this case the server) accomplish? They
|
valid = self._pubkey.verify(prefix, signature)
|
||||||
# could make us think that there's a newer version of the file
|
if not valid:
|
||||||
# out there, which would cause us to throw
|
self.log("WEIRD: bad signature from %s shnum %d" %
|
||||||
# UncoordinatedWriteError (i.e. it's a DoS attack).
|
(shnum, idlib.shortnodeid_b2a(peerid)))
|
||||||
|
continue
|
||||||
|
|
||||||
share = (shnum, seqnum, root_hash)
|
share = (shnum, seqnum, root_hash)
|
||||||
current_share_peers.add(shnum, (peerid, seqnum, root_hash) )
|
current_share_peers.add(shnum, (peerid, seqnum, root_hash) )
|
||||||
|
|
||||||
|
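Review bot: The arguments to the new `self.log(...)` call are in the wrong order for its format string: `"WEIRD: bad signature from %s shnum %d"` is given `(shnum, idlib.shortnodeid_b2a(peerid))`, so `%d` receives the node id and, assuming `shortnodeid_b2a` returns a string, the call raises `TypeError` instead of logging. This only happens on the bad-signature branch, which is the one a misbehaving server controls, so the `continue` is never reached and the bad share surfaces as an exception in Publish rather than being skipped. Swap the tuple to `(idlib.shortnodeid_b2a(peerid), shnum)`. Separately, the `seqnum` and `root_hash` recorded just below come from unpacking `r`, while the signature covers `prefix`; how `r` is built is outside this hunk, so it is worth confirming that both are parsed from the same signed bytes. The enclosing method of `class Publish` starts and ends outside the hunk.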