Do not allow session ID reuse and clean up sessions for introducee

It was possible that a malicious introducer sends new request with the same session ID that was used previously and thus causing introducees to have multiple states for the same session ID. This commits prevents that from happening and adds an integration test for that scenario. Also if an introducee removes an introducer, all past session states will be deleted from the database. For this, a test was added as well. Closes #371 Closes #372
2026-02-13 11:19:04 +01:00 · 2016-05-04 20:39:22 -03:00
parent 5a84e0fe5c
commit 685e1422a5
6 changed files with 241 additions and 8 deletions
--- a/briar-core/src/org/briarproject/introduction/IntroductionGroupFactory.java
+++ b/briar-core/src/org/briarproject/introduction/IntroductionGroupFactory.java
@@ -6,7 +6,7 @@ import org.briarproject.api.sync.Group;

 import javax.inject.Inject;

-class IntroductionGroupFactory {
+public class IntroductionGroupFactory {

 	final private PrivateGroupFactory privateGroupFactory;
 	final private Group localGroup;
--- a/briar-core/src/org/briarproject/introduction/IntroductionManagerImpl.java
+++ b/briar-core/src/org/briarproject/introduction/IntroductionManagerImpl.java
@@ -147,8 +147,13 @@ class IntroductionManagerImpl extends BdfIncomingMessageHook
 			for (Map.Entry<MessageId, BdfDictionary> entry : map.entrySet()) {
 				BdfDictionary d = entry.getValue();
 				long role = d.getLong(ROLE, -1L);
-				if (role != ROLE_INTRODUCER) continue;
-				if (d.getLong(CONTACT_ID_1).equals(id) ||
+				if (role != ROLE_INTRODUCER) {
+					if (d.getLong(CONTACT_ID_1).equals(id)) {
+						// delete states if introducee removes introducer
+						deleteMessage(txn, entry.getKey());
+					}
+				}
+				else if (d.getLong(CONTACT_ID_1).equals(id) ||
 						d.getLong(CONTACT_ID_2).equals(id)) {

 					IntroducerProtocolState state = IntroducerProtocolState
@@ -178,13 +183,19 @@ class IntroductionManagerImpl extends BdfIncomingMessageHook

 		// Get message data and type
 		GroupId groupId = m.getGroupId();
-		message.put(GROUP_ID, groupId);
 		long type = message.getLong(TYPE, -1L);

 		// we are an introducee, need to initialize new state
 		if (type == TYPE_REQUEST) {
+			boolean stateExists = true;
+			try {
+				getSessionState(txn, groupId, message.getRaw(SESSION_ID), false);
+			} catch (FormatException e) {
+				stateExists = false;
+			}
 			BdfDictionary state;
 			try {
+				if (stateExists) throw new FormatException();
 				state = introduceeManager.initialize(txn, groupId, message);
 			} catch (FormatException e) {
 				if (LOG.isLoggable(WARNING)) {
@@ -450,7 +461,8 @@ class IntroductionManagerImpl extends BdfIncomingMessageHook
 	}

 	private BdfDictionary getSessionState(Transaction txn, GroupId groupId,
-			byte[] sessionId) throws DbException, FormatException {
+			byte[] sessionId, boolean warn)
+			throws DbException, FormatException {

 		try {
 			// See if we can find the state directly for the introducer
@@ -476,7 +488,7 @@ class IntroductionManagerImpl extends BdfIncomingMessageHook
 					if (g.equals(groupId)) return state;
 				}
 			}
-			if (LOG.isLoggable(WARNING)) {
+			if (warn && LOG.isLoggable(WARNING)) {
 				LOG.warning(
 						"No session state found for message with session ID " +
 								Arrays.hashCode(sessionId));
@@ -485,6 +497,12 @@ class IntroductionManagerImpl extends BdfIncomingMessageHook
 		}
 	}

+	private BdfDictionary getSessionState(Transaction txn, GroupId groupId,
+			byte[] sessionId) throws DbException, FormatException {
+
+		return getSessionState(txn, groupId, sessionId, true);
+	}
+
 	private void deleteMessage(Transaction txn, MessageId messageId)
 			throws DbException {

--- a/briar-core/src/org/briarproject/introduction/IntroductionValidator.java
+++ b/briar-core/src/org/briarproject/introduction/IntroductionValidator.java
@@ -16,6 +16,7 @@ import static org.briarproject.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENG
 import static org.briarproject.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
 import static org.briarproject.api.introduction.IntroductionConstants.ACCEPT;
 import static org.briarproject.api.introduction.IntroductionConstants.E_PUBLIC_KEY;
+import static org.briarproject.api.introduction.IntroductionConstants.GROUP_ID;
 import static org.briarproject.api.introduction.IntroductionConstants.MESSAGE_ID;
 import static org.briarproject.api.introduction.IntroductionConstants.MESSAGE_TIME;
 import static org.briarproject.api.introduction.IntroductionConstants.MSG;
@@ -63,6 +64,7 @@ class IntroductionValidator extends BdfMessageValidator {

 		d.put(TYPE, type);
 		d.put(SESSION_ID, id);
+		d.put(GROUP_ID, m.getGroupId());
 		d.put(MESSAGE_ID, m.getId());
 		d.put(MESSAGE_TIME, m.getTimestamp());
 		return d;
--- a/briar-core/src/org/briarproject/introduction/MessageSender.java
+++ b/briar-core/src/org/briarproject/introduction/MessageSender.java
@@ -32,7 +32,7 @@ import static org.briarproject.api.introduction.IntroductionConstants.TYPE_ACK;
 import static org.briarproject.api.introduction.IntroductionConstants.TYPE_REQUEST;
 import static org.briarproject.api.introduction.IntroductionConstants.TYPE_RESPONSE;

-class MessageSender {
+public class MessageSender {

 	final private DatabaseComponent db;
 	final private ClientHelper clientHelper;