uapi: skip peers with invalid keys

2024-11-15 01:05:15 +01:00 · 2019-08-05 16:57:41 +02:00 · 2019-08-05 16:57:41 +02:00 · 4e3018a967
commit 4e3018a967
parent b4010123f7
2 changed files with 16 additions and 4 deletions
--- a/device/peer.go
+++ b/device/peer.go
@ -68,7 +68,6 @@ type Peer struct {
 }

 func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error) {
-
 	if device.isClosed.Get() {
 		return nil, errors.New("device closed")
 	}
@ -103,20 +102,28 @@ func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error) {
 	if ok {
 		return nil, errors.New("adding existing peer")
 	}
-	device.peers.keyMap[pk] = peer

 	// pre-compute DH

 	handshake := &peer.handshake
 	handshake.mutex.Lock()
-	handshake.remoteStatic = pk
 	handshake.precomputedStaticStatic = device.staticIdentity.privateKey.sharedSecret(pk)
+	ssIsZero := isZero(handshake.precomputedStaticStatic[:])
+	handshake.remoteStatic = pk
 	handshake.mutex.Unlock()

 	// reset endpoint

 	peer.endpoint = nil

+	// conditionally add
+
+	if !ssIsZero {
+		device.peers.keyMap[pk] = peer
+	} else {
+		return nil, nil
+	}
+
 	// start peer

 	if peer.device.isUp.Get() {
--- a/device/uapi.go
+++ b/device/uapi.go
@ -243,7 +243,12 @@ func (device *Device) IpcSetOperation(socket *bufio.Reader) *IPCError {
 						logError.Println("Failed to create new peer:", err)
 						return &IPCError{ipc.IpcErrorInvalid}
 					}
-					logDebug.Println(peer, "- UAPI: Created")
+					if peer == nil {
+						dummy = true
+						peer = &Peer{}
+					} else {
+						logDebug.Println(peer, "- UAPI: Created")
+					}
 				}

 			case "remove":