Security: do version checks first, then send a verack response #2121

Merged: teor2345 merged 1 commit into main from verack-after-check on May 17, 2021

teor2345 (Contributor) commented May 7, 2021

Motivation

As a general rule, Zebra should do local checks first, then send messages to the peer.

This minor security issue was discovered during #2120, but it's not related to that fix. (It just changes nearby code.)

Review

This is a routine security fix. Anyone can review.

Related Issues

This fix is based on #2120. GitHub will automatically rebase it to main once #2120 merges.

teor2345 added labels May 7, 2021:
C-bug (Category: This is a bug)
A-rust (Area: Updates to Rust code)
P-Medium
C-security (Category: Security issues)
I-invalid-data (Zebra relies on invalid or untrusted data, or sends invalid data)
A-network (Area: Network protocol updates or fixes)
teor2345 added this to the 2021 Sprint 9 milestone May 7, 2021
teor2345 requested a review from a team May 7, 2021 01:48
teor2345 self-assigned this May 7, 2021
teor2345 changed the base branch from stop-gossip-bad-addr to main May 7, 2021 01:49
teor2345 changed the base branch from main to stop-gossip-bad-addr May 7, 2021 01:50
teor2345 force-pushed the verack-after-check branch from 025cf34 to 0e41205 May 7, 2021 01:51
teor2345 force-pushed the stop-gossip-bad-addr branch from 0d424c0 to 50d72a6 May 7, 2021 02:20
teor2345 force-pushed the verack-after-check branch from 3494e9b to 32616ec May 7, 2021 02:20
teor2345 force-pushed the stop-gossip-bad-addr branch from 50d72a6 to 993cc21 May 7, 2021 02:59
teor2345 force-pushed the verack-after-check branch from 32616ec to 315a32b May 7, 2021 03:00
teor2345 marked this pull request as draft May 7, 2021 06:05
teor2345 (Contributor, Author) commented May 7, 2021

Marking as draft until #2120 merges

Base automatically changed from stop-gossip-bad-addr to main May 14, 2021 13:45
teor2345 marked this pull request as ready for review May 16, 2021 08:37
We should do as many local checks as possible, before sending further
messages.
teor2345 force-pushed the verack-after-check branch from 315a32b to 66abfbe May 16, 2021 08:41
teor2345 enabled auto-merge (squash) May 17, 2021 00:03
teor2345 merged commit 7969459 into main May 17, 2021
teor2345 deleted the verack-after-check branch May 17, 2021 20:39
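
The ordering named in the PR title (version checks first, then the verack response), shown as an added example that is not Zebra's code or part of this PR. All type names, function names and the minimum version constant are hypothetical, and a `Vec` stands in for the peer socket so the messages actually sent can be inspected.

```rust
// Added illustration. Every name and constant below is hypothetical, not Zebra's.
const MIN_PEER_VERSION: u32 = 100; // constructed value, for this example only

#[derive(Debug, PartialEq)]
enum Message {
    Version { version: u32 },
    Verack,
    Ping,
}

#[derive(Debug, PartialEq)]
enum HandshakeError {
    ObsoleteVersion(u32),
    UnexpectedMessage,
}

/// Local checks only: no I/O happens here, so a failure costs the peer nothing from us.
fn check_remote_version(msg: &Message) -> Result<u32, HandshakeError> {
    match msg {
        Message::Version { version } if *version < MIN_PEER_VERSION => {
            Err(HandshakeError::ObsoleteVersion(*version))
        }
        Message::Version { version } => Ok(*version),
        _ => Err(HandshakeError::UnexpectedMessage),
    }
}

/// Checks first, then verack. `outbound` stands in for the peer connection.
fn respond_checked(remote: &Message, outbound: &mut Vec<Message>) -> Result<u32, HandshakeError> {
    let version = check_remote_version(remote)?; // early return: nothing was sent
    outbound.push(Message::Verack);
    Ok(version)
}

/// The ordering to avoid: the peer is acknowledged before it has been validated.
fn respond_unchecked(remote: &Message, outbound: &mut Vec<Message>) -> Result<u32, HandshakeError> {
    outbound.push(Message::Verack);
    check_remote_version(remote)
}

fn main() {
    let obsolete = Message::Version { version: 99 }; // constructed input
    let (mut checked_out, mut unchecked_out) = (Vec::new(), Vec::new());
    let checked = respond_checked(&obsolete, &mut checked_out);
    let unchecked = respond_unchecked(&obsolete, &mut unchecked_out);
    println!("checked:   {:?}, sent {:?}", checked, checked_out);
    println!("unchecked: {:?}, sent {:?}", unchecked, unchecked_out);
}
```

Both functions reject the obsolete peer with the same error; the difference is only visible in what reached the wire before the rejection.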