[tor/master] addr: Validate identity key when getting a suggestion - tor-commits

9 Jul 2020

commit 9b2cadb492ee07ebb086b934b01ff8a5159fcc77
Author: David Goulet dgoulet@torproject.org
Date:   Wed Jul 8 07:46:12 2020 -0400
addr: Validate identity key when getting a suggestion
We do look at the address but with this we also look if the identity digest of
    the relay suggesting us an address is a trusted source.
Related to #40022
Signed-off-by: David Goulet dgoulet@torproject.org
---
 src/core/or/channeltls.c            | 3 ++-
 src/feature/relay/relay_find_addr.c | 9 ++++++---
 src/feature/relay/relay_find_addr.h | 3 ++-
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c
index 9198a8bfb..4db373097 100644
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@@ -1934,7 +1934,8 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
    * we were unable to resolve it previously. The endpoint address is passed
    * in order to make sure to never consider an address that is the same as
    * our endpoint. */
-  relay_address_new_suggestion(&my_apparent_addr, &chan->conn->real_addr);
+  relay_address_new_suggestion(&my_apparent_addr, &chan->conn->real_addr,
+                               identity_digest);
if (! chan->conn->handshake_state->sent_netinfo) {
     /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
diff --git a/src/feature/relay/relay_find_addr.c b/src/feature/relay/relay_find_addr.c
index 699eb7e38..28b5985bb 100644
--- a/src/feature/relay/relay_find_addr.c
+++ b/src/feature/relay/relay_find_addr.c
@@ -55,12 +55,14 @@ router_guess_address_from_dir_headers(uint32_t *guess)
  * passes. */
 void
 relay_address_new_suggestion(const tor_addr_t *suggested_addr,
-                             const tor_addr_t *peer_addr)
+                             const tor_addr_t *peer_addr,
+                             const char *identity_digest)
 {
   const or_options_t *options = get_options();
tor_assert(suggested_addr);
   tor_assert(peer_addr);
+  tor_assert(identity_digest);
/* This should never be called on a non Tor relay. */
   if (BUG(!server_mode(options))) {
@@ -68,8 +70,9 @@ relay_address_new_suggestion(const tor_addr_t *suggested_addr,
   }
/* Is the peer a trusted source? Ignore anything coming from non trusted
-   * source. In this case, we only look at trusted authorities. */
-  if (!router_addr_is_trusted_dir(peer_addr)) {
+   * source. In this case, we only look at trusted directory authorities. */
+  if (!router_addr_is_trusted_dir(peer_addr) ||
+      !router_digest_is_trusted_dir(identity_digest)) {
     return;
   }
diff --git a/src/feature/relay/relay_find_addr.h b/src/feature/relay/relay_find_addr.h
index d856e706e..6f298e6c7 100644
--- a/src/feature/relay/relay_find_addr.h
+++ b/src/feature/relay/relay_find_addr.h
@@ -16,7 +16,8 @@ void router_new_address_suggestion(const char *suggestion,
                                    const dir_connection_t *d_conn);
void relay_address_new_suggestion(const tor_addr_t *suggested_addr,
-                                  const tor_addr_t *peer_addr);
+                                  const tor_addr_t *peer_addr,
+                                  const char *identity_digest);
#ifdef RELAY_FIND_ADDR_PRIVATE

    