Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-06-07 14:12:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1673 from G10h4ck/short_invites_fixup

Browse source 
Fix addSslOnlyFriend when adding with already known PGP
This commit is contained in:
csoler 2019-10-11 21:04:32 +02:00 committed by GitHub
commit 25e9a85a1c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

42
libretroshare/src/pqi/p3peermgr.cc
View file

@ -1074,26 +1074,22 @@ bool p3PeerMgrIMPL::addFriend(const RsPeerId& input_id, const RsPgpId& input_gpg
bool p3PeerMgrIMPL::addSslOnlyFriend( bool p3PeerMgrIMPL::addSslOnlyFriend(
const RsPeerId& sslId, const RsPgpId& pgp_id, const RsPeerDetails& dt ) const RsPeerId& sslId, const RsPgpId& pgp_id, const RsPeerDetails& dt )
{ {
if(sslId.isNull()) constexpr auto fname = __PRETTY_FUNCTION__;
const auto failure = [&](const std::string& err)
{ {
RsErr() << __PRETTY_FUNCTION__ << " Cannot add a null " RsErr() << fname << " " << err << std::endl;
<< "ID as SSL-only friend " << std::endl;
return false; return false;
} };
if(sslId.isNull())
return failure("Cannot add a null ID as SSL-only friend");
if(pgp_id.isNull()) if(pgp_id.isNull())
{ return failure( " Cannot add as SSL-only friend a peer with null PGP");
RsErr() << __PRETTY_FUNCTION__ << " Cannot add as SSL-only friend a "
<< "peer with null PGP" << std::endl;
return false;
}
if(sslId == getOwnId()) if(sslId == getOwnId())
{ return failure( "Cannot add yourself as SSL-only friend id:" +
RsErr() << __PRETTY_FUNCTION__ << " Cannot add yourself as SSL-only " sslId.toStdString() );
<< "friend (id=" << sslId << ")" << std::endl;
return false;
}
bool alreadySslFriend = false; bool alreadySslFriend = false;
peerState pstate; peerState pstate;
@ -1116,13 +1112,10 @@ bool p3PeerMgrIMPL::addSslOnlyFriend(
* PGP id we already know, to avoid nasty tricks with malevolently forged * PGP id we already know, to avoid nasty tricks with malevolently forged
* short invites.*/ * short invites.*/
if(alreadySslFriend && pstate.gpg_id != pgp_id) if(alreadySslFriend && pstate.gpg_id != pgp_id)
{ return failure( "Cannot SSL-only friend for a pre-existing friend with "
RsErr() << __PRETTY_FUNCTION__ << " Cannot SSL-only friend for " "mismatching PGP-id known: " +
<< "a pre-existing friend with mismatching PGP-id " pstate.gpg_id.toStdString() + " new: " +
<< "known: " << pstate.gpg_id << " new: " << pgp_id pgp_id.toStdString() );
<< std::endl;
return false;
}
/* It is very important to be expecially carefull setting /* It is very important to be expecially carefull setting
* pstate.skip_pgp_signature_validation to true because this effectively * pstate.skip_pgp_signature_validation to true because this effectively
@ -1137,8 +1130,11 @@ bool p3PeerMgrIMPL::addSslOnlyFriend(
* connection closed. * connection closed.
* Instead if pstate.skip_pgp_signature_validation would have been * Instead if pstate.skip_pgp_signature_validation would have been
* superficially set to true the PGP signature verification would have been * superficially set to true the PGP signature verification would have been
* skipped and the attacker connection would be accepted. */ * skipped and the attacker connection would be accepted.
if(!AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id)) * If the PGP key is available add it as full friend. */
if(AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id))
AuthGPG::getAuthGPG()->AllowConnection(pgp_id, true);
else
pstate.skip_pgp_signature_validation = true; pstate.skip_pgp_signature_validation = true;
pstate.gpg_id = pgp_id; pstate.gpg_id = pgp_id;