Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-14 19:59:05 +01:00
Code Issues Projects Releases Wiki Activity

Ignore expected IVs that arrive by the wrong transport.

Browse Source 
This prevents an attacker from replaying connections to test whether a
transport endpoint has the same owner as an endpoint on another
transport (eg probing a Bluetooth device to see whether it has the
same owner as a given internet host).
This commit is contained in:
akwizgran
2011-11-17 09:24:28 +00:00
parent 13ebd369e2
commit 66d973bcdd
5 changed files with 44 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
components/net/sf/briar/transport/ConnectionDispatcherImpl.java
View File

@@ -52,7 +52,7 @@ public class ConnectionDispatcherImpl implements ConnectionDispatcher {
// Get the connection context, or null if the IV wasn't expected
ConnectionContext ctx;
try {
ctx = recogniser.acceptConnection(encryptedIv);
ctx = recogniser.acceptConnection(t, encryptedIv);
} catch(DbException e) {
if(LOG.isLoggable(Level.WARNING)) LOG.warning(e.getMessage());
r.dispose(false);
@@ -95,7 +95,7 @@ public class ConnectionDispatcherImpl implements ConnectionDispatcher {
// Get the connection context, or null if the IV wasn't expected
ConnectionContext ctx;
try {
ctx = recogniser.acceptConnection(encryptedIv);
ctx = recogniser.acceptConnection(t, encryptedIv);
} catch(DbException e) {
if(LOG.isLoggable(Level.WARNING)) LOG.warning(e.getMessage());
s.dispose(false);