From: Aaron G. <th...@us...> - 2008-04-17 23:28:56
Update of /cvsroot/azureus/azureus2/org/gudy/azureus2/core3/peer/impl/transport In directory sc8-pr-cvs11.sourceforge.net:/tmp/cvs-serv15982/azureus2/org/gudy/azureus2/core3/peer/impl/transport Modified Files: PEPeerTransportProtocol.java Log Message: security measure: kill the connection if a peer sends multiple handshakes, as this is most likely a horrible implementation or malicious behavior. the handshake processing changes lots of states, this could be exploited Index: PEPeerTransportProtocol.java =================================================================== RCS file: /cvsroot/azureus/azureus2/org/gudy/azureus2/core3/peer/impl/transport/PEPeerTransportProtocol.java,v retrieving revision 1.443 retrieving revision 1.444 diff -u -d -r1.443 -r1.444 --- PEPeerTransportProtocol.java 17 Apr 2008 16:23:06 -0000 1.443 +++ PEPeerTransportProtocol.java 17 Apr 2008 23:28:57 -0000 1.444 @@ -1902,6 +1902,12 @@ protected void decodeBTHandshake( BTHandshake handshake ) { PeerIdentityDataID my_peer_data_id = manager.getPeerIdentityDataID(); + + if(getConnectionState() == CONNECTION_FULLY_ESTABLISHED) + { + handshake.destroy(); + closeConnectionInternally("peer sent another handshake after the intial connect"); + } if( !Arrays.equals( manager.getHash(), handshake.getDataHash() ) ) { closeConnectionInternally( "handshake has wrong infohash" ); @@ -2223,6 +2229,12 @@ } protected void decodeAZHandshake(AZHandshake handshake) { + if(getConnectionState() == CONNECTION_FULLY_ESTABLISHED) + { + handshake.destroy(); + closeConnectionInternally("peer sent another az-handshake after the intial connect"); + } + this.client_handshake = StringInterner.intern(handshake.getClient()); this.client_handshake_version = StringInterner.intern(handshake.getClientVersion()); this.client = StringInterner.intern(ClientIdentifier.identifyAZMP(this.client_peer_id, client_handshake, client_handshake_version, this.peer_id)); |
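Review bot: Neither new guard returns after `closeConnectionInternally(...)`, so in decodeBTHandshake execution continues into `Arrays.equals( manager.getHash(), handshake.getDataHash() )` on a handshake that was just destroyed, and in decodeAZHandshake (second hunk) it continues into the `this.client_handshake = ...` assignments. Unless closeConnectionInternally throws, which is not visible here, a repeated handshake still runs the state-changing processing that the log message sets out to block. Add `return;` directly after the close call in each guard. The guard also fires only when the state is already `CONNECTION_FULLY_ESTABLISHED`, so a duplicate handshake that arrives before that state is reached would presumably still be processed; a per-connection "handshake already received" flag would cover that case. Both method bodies continue outside the hunks.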