From cba76618dc10d79405697b0a1970ad3bc8fd771f Mon Sep 17 00:00:00 2001 From: YACOVM Date: Tue, 21 Mar 2017 15:57:47 +0200 Subject: [PATCH] Gossip: Fix connection leak when spoofing detected In gossip, when a peer sends a message to a remote peer, it specifies its PKI-ID in order for the layers above the comm layer to be sure the peer on the other side has the identity that the current peer thinks the peer on the other side has. In case the handshake succeeds, but the PKI-ID of the remote peer is detected to be different than the expected PKI-ID, the connection creation attempt aborts but it doesn't close the gRPC connection- which leads to a connection leak. Change-Id: Ic8d247ccbc02da3018a27770cffa5173c76a6ae4 Signed-off-by: Yacov Manevich --- gossip/comm/comm_impl.go | 1 + 1 file changed, 1 insertion(+) diff --git a/gossip/comm/comm_impl.go b/gossip/comm/comm_impl.go index 795bd59ed7a..7f92e61e532 100644 --- a/gossip/comm/comm_impl.go +++ b/gossip/comm/comm_impl.go @@ -197,6 +197,7 @@ func (c *commImpl) createConnection(endpoint string, expectedPKIID common.PKIidT if expectedPKIID != nil && !bytes.Equal(pkiID, expectedPKIID) { // PKIID is nil when we don't know the remote PKI id's c.logger.Warning("Remote endpoint claims to be a different peer, expected", expectedPKIID, "but got", pkiID) + cc.Close() return nil, errors.New("Authentication failure") } conn := newConnection(cl, cc, stream, nil)