chore: better security around request responses

Previously, anyone with a valid TxId could send a response and, more importantly, overwrite an existing response. Now responses are immutable and only accepted from addresses which originally received the request.
2023-01-15 09:00:53 +00:00 · 2023-01-15 09:00:53 +00:00 · 9e9abb10c8
commit 9e9abb10c8
parent a3d09fbd08
2 changed files with 7 additions and 4 deletions
--- a/cmd/pc3/main.go
+++ b/cmd/pc3/main.go
@ -210,7 +210,7 @@ mainloop:
 					// can do.
 					continue mainloop
 				}
-				s.Response(packetData)
+				s.Response(packet.Peer, packetData)
 			}
 		}
 	}
--- a/cmd/pc3/state.go
+++ b/cmd/pc3/state.go
@ -22,6 +22,8 @@ type client struct {
 }

 type request struct {
+	target string
+
 	requestTime time.Time
 	request     proto.PacketReq

@ -51,7 +53,7 @@ func (s *state) Heartbeat(src string, hb proto.PacketHeartbeat) {
 }

 // Save a request and generate a TxId.
-func (s *state) Request(req proto.PacketReq) proto.PacketReq {
+func (s *state) Request(dst string, req proto.PacketReq) proto.PacketReq {
 	reqTxId := uuid.NewString()
 	req.TxId = reqTxId

@ -59,6 +61,7 @@ func (s *state) Request(req proto.PacketReq) proto.PacketReq {
 	defer s.requestsMutex.Unlock()

 	s.requests[reqTxId] = request{
+		target:      dst,
 		requestTime: time.Now(),
 		request:     req,
 	}
@ -67,11 +70,11 @@ func (s *state) Request(req proto.PacketReq) proto.PacketReq {
 }

 // Save a response to a request.
-func (s *state) Response(res proto.PacketRes) {
+func (s *state) Response(src string, res proto.PacketRes) {
 	s.requestsMutex.Lock()
 	defer s.requestsMutex.Unlock()

-	if req, ok := s.requests[res.TxId]; ok {
+	if req, ok := s.requests[res.TxId]; ok && src == req.target && req.responseTime.IsZero() {
 		req.responseTime = time.Now()
 		req.response = res
 		s.requests[res.TxId] = req