Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1673 from G10h4ck/short_invites_fixup

Browse Source 
Fix addSslOnlyFriend when adding with already known PGP
This commit is contained in:
csoler 2019-10-11 21:04:32 +02:00 committed by GitHub
commit 25e9a85a1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
libretroshare/src/pqi/p3peermgr.cc
View File

@ -1074,26 +1074,22 @@ bool p3PeerMgrIMPL::addFriend(const RsPeerId& input_id, const RsPgpId& input_gpg
bool p3PeerMgrIMPL::addSslOnlyFriend(
const RsPeerId& sslId, const RsPgpId& pgp_id, const RsPeerDetails& dt )
{
if(sslId.isNull())
constexpr auto fname = __PRETTY_FUNCTION__;
const auto failure = [&](const std::string& err)
{
RsErr() << __PRETTY_FUNCTION__ << " Cannot add a null "
<< "ID as SSL-only friend " << std::endl;
RsErr() << fname << " " << err << std::endl;
return false;
}
};
if(sslId.isNull())
return failure("Cannot add a null ID as SSL-only friend");
if(pgp_id.isNull())
{
RsErr() << __PRETTY_FUNCTION__ << " Cannot add as SSL-only friend a "
<< "peer with null PGP" << std::endl;
return false;
}
return failure( " Cannot add as SSL-only friend a peer with null PGP");
if(sslId == getOwnId())
{
RsErr() << __PRETTY_FUNCTION__ << " Cannot add yourself as SSL-only "
<< "friend (id=" << sslId << ")" << std::endl;
return false;
}
return failure( "Cannot add yourself as SSL-only friend id:" +
sslId.toStdString() );
bool alreadySslFriend = false;
peerState pstate;
@ -1116,13 +1112,10 @@ bool p3PeerMgrIMPL::addSslOnlyFriend(
* PGP id we already know, to avoid nasty tricks with malevolently forged
* short invites.*/
if(alreadySslFriend && pstate.gpg_id != pgp_id)
{
RsErr() << __PRETTY_FUNCTION__ << " Cannot SSL-only friend for "
<< "a pre-existing friend with mismatching PGP-id "
<< "known: " << pstate.gpg_id << " new: " << pgp_id
<< std::endl;
return false;
}
return failure( "Cannot SSL-only friend for a pre-existing friend with "
"mismatching PGP-id known: " +
pstate.gpg_id.toStdString() + " new: " +
pgp_id.toStdString() );
/* It is very important to be expecially carefull setting
* pstate.skip_pgp_signature_validation to true because this effectively
@ -1137,8 +1130,11 @@ bool p3PeerMgrIMPL::addSslOnlyFriend(
* connection closed.
* Instead if pstate.skip_pgp_signature_validation would have been
* superficially set to true the PGP signature verification would have been
* skipped and the attacker connection would be accepted. */
if(!AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id))
* skipped and the attacker connection would be accepted.
* If the PGP key is available add it as full friend. */
if(AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id))
AuthGPG::getAuthGPG()->AllowConnection(pgp_id, true);
else
pstate.skip_pgp_signature_validation = true;
pstate.gpg_id = pgp_id;