p2p: plug tor to clearnet association vector

During the handshake for an incoming connection, the peer id is checked against the local node's peer id only for the specific zone of the incoming peer, in order to avoid linking public addresses to tor addresses:
5d7ae2d279/src/p2p/net_node.inl (L2343)

However, on handshakes for outgoing connections, all zones are checked:
5d7ae2d279/src/p2p/net_node.inl (L1064)

If an attacker wanted to link a specific tor node to a public node, they could potentially connect to as many public nodes as possible, get themselves added to the peer whitelist, maybe stuff some more attacker-owned addresses into the greylist, then disconnect, and for any future incoming connections, respond with the tor node's id in an attempt to link the public/tor addresses.
This commit is contained in:
Aaron Hook 2020-03-07 17:38:22 +00:00 committed by wowario
parent bd0c321d2c
commit fb5fad0768
No known key found for this signature in database
GPG key ID: 24DCBE762DE9C111

View file

@ -1051,17 +1051,15 @@ namespace nodetool
pi = context.peer_id = rsp.node_data.peer_id; pi = context.peer_id = rsp.node_data.peer_id;
context.m_rpc_port = rsp.node_data.rpc_port; context.m_rpc_port = rsp.node_data.rpc_port;
context.m_rpc_credits_per_hash = rsp.node_data.rpc_credits_per_hash; context.m_rpc_credits_per_hash = rsp.node_data.rpc_credits_per_hash;
m_network_zones.at(context.m_remote_address.get_zone()).m_peerlist.set_peer_just_seen(rsp.node_data.peer_id, context.m_remote_address, context.m_pruning_seed, context.m_rpc_port, context.m_rpc_credits_per_hash); network_zone& zone = m_network_zones.at(context.m_remote_address.get_zone());
zone.m_peerlist.set_peer_just_seen(rsp.node_data.peer_id, context.m_remote_address, context.m_pruning_seed, context.m_rpc_port, context.m_rpc_credits_per_hash);
// move // move
for (auto const& zone : m_network_zones) if(rsp.node_data.peer_id == zone.m_config.m_peer_id)
{ {
if(rsp.node_data.peer_id == zone.second.m_config.m_peer_id) LOG_DEBUG_CC(context, "Connection to self detected, dropping connection");
{ hsh_result = false;
LOG_DEBUG_CC(context, "Connection to self detected, dropping connection"); return;
hsh_result = false;
return;
}
} }
LOG_INFO_CC(context, "New connection handshaked, pruning seed " << epee::string_tools::to_string_hex(context.m_pruning_seed)); LOG_INFO_CC(context, "New connection handshaked, pruning seed " << epee::string_tools::to_string_hex(context.m_pruning_seed));
LOG_DEBUG_CC(context, " COMMAND_HANDSHAKE INVOKED OK"); LOG_DEBUG_CC(context, " COMMAND_HANDSHAKE INVOKED OK");