webtransport: reject listening on a multiaddr with a certhash
MarcoPolo authored and marten-seemann committed Jul 14, 2023
1 parent 8a60a68 commit de24cd1
Showing 2 changed files with 8 additions and 6 deletions.
5 changes: 4 additions & 1 deletion p2p/transport/webtransport/transport.go
Expand Up @@ -295,10 +295,13 @@ func (t *transport) CanDial(addr ma.Multiaddr) bool {
}

func (t *transport) Listen(laddr ma.Multiaddr) (tpt.Listener, error) {
isWebTransport, _ := IsWebtransportMultiaddr(laddr)
isWebTransport, certhashCount := IsWebtransportMultiaddr(laddr)
if !isWebTransport {
return nil, fmt.Errorf("cannot listen on non-WebTransport addr: %s", laddr)
}
if certhashCount > 0 {
return nil, fmt.Errorf("cannot listen on a specific certhash non-WebTransport addr: %s", laddr)
}
if t.staticTLSConf == nil {
t.listenOnce.Do(func() {
t.certManager, t.listenOnceErr = newCertManager(t.privKey, t.clock)
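Review bot: The error text in the `certhashCount > 0` branch calls the address a "non-WebTransport addr", but that branch is only reached after the `!isWebTransport` check has passed, so the message contradicts the condition it reports and will mislead anyone reading it in a log. Suggest `return nil, fmt.Errorf("cannot listen on a WebTransport addr with a certhash: %s", laddr)`. A short comment above the check would also help the next reader, e.g. `// certhashes come from the listener's own certificates and must not be supplied by the caller`; that rationale is inferred from the certManager setup that follows, so confirm the wording. Listen's body continues past the end of the hunk.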
9 changes: 4 additions & 5 deletions p2p/transport/webtransport/transport_test.go
Expand Up @@ -220,14 +220,13 @@ func TestCanDial(t *testing.T) {
func TestListenAddrValidity(t *testing.T) {
valid := []ma.Multiaddr{
ma.StringCast("/ip6/::/udp/0/quic-v1/webtransport/"),
ma.StringCast("/ip4/127.0.0.1/udp/11234/quic-v1/webtransport/"),
}

invalid := []ma.Multiaddr{
ma.StringCast("/ip4/127.0.0.1/udp/11234"), // missing webtransport
ma.StringCast("/ip4/127.0.0.1/udp/11234/webtransport"), // missing quic
ma.StringCast("/ip4/127.0.0.1/tcp/11234/webtransport"), // WebTransport over TCP? Is this a joke?
ma.StringCast("/ip4/127.0.0.1/udp/11234/quic-v1/webtransport/certhash/" + randomMultihash(t)), // We can't listen on a specific certhash
ma.StringCast("/ip4/127.0.0.1/udp/0"), // missing webtransport
ma.StringCast("/ip4/127.0.0.1/udp/0/webtransport"), // missing quic
ma.StringCast("/ip4/127.0.0.1/tcp/0/webtransport"), // WebTransport over TCP? Is this a joke?
ma.StringCast("/ip4/127.0.0.1/udp/0/quic-v1/webtransport/certhash/" + randomMultihash(t)), // We can't listen on a specific certhash
}

_, key := newIdentity(t)
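Review bot: The certhash entry in `invalid` appears in both the port-11234 and the port-0 variants of the list, which suggests it was already expected to fail before this commit, so the test may not prove that the new certhash check in Listen is what rejects it. The assertion loop is outside the hunk; if it only checks `err != nil`, consider pinning the cause for that entry, for example `require.ErrorContains(t, err, "certhash")` if the file uses testify. The `valid` list also seems to lose its only IPv4 address; `ma.StringCast("/ip4/127.0.0.1/udp/0/quic-v1/webtransport/")` would keep that coverage without binding a fixed port.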
