mutable: verify incoming share signatures during Publish, it's not that expensive...

author Brian Warner <warner@allmydata.com>

Thu, 8 Nov 2007 21:02:36 +0000 (14:02 -0700)

committer Brian Warner <warner@allmydata.com>

Thu, 8 Nov 2007 21:02:36 +0000 (14:02 -0700)
author Brian Warner <warner@allmydata.com>
Thu, 8 Nov 2007 21:02:36 +0000 (14:02 -0700)
committer Brian Warner <warner@allmydata.com>
Thu, 8 Nov 2007 21:02:36 +0000 (14:02 -0700)
diff --git a/src/allmydata/mutable.py b/src/allmydata/mutable.py

index 20b0429a21300377bd5fd0a20c397834176abc60..d7a0d669cf1e1b33f94b842cc812dd87b4a5eb0a 100644 (file)
--- a/src/allmydata/mutable.py
+++ b/src/allmydata/mutable.py
@@ -745,11 +745,13 @@ class Publish:
              (seqnum, root_hash, IV, k, N, segsize, datalen,
               pubkey_s, signature, prefix) = r
  
-            # TODO: consider verifying the signature here. It's expensive.
-            # What can an attacker (in this case the server) accomplish? They
-            # could make us think that there's a newer version of the file
-            # out there, which would cause us to throw
-            # UncoordinatedWriteError (i.e. it's a DoS attack).
+            # self._pubkey is present because we require read-before-replace
+            valid = self._pubkey.verify(prefix, signature)
+            if not valid:
+                self.log("WEIRD: bad signature from %s shnum %d" %
+                         (shnum, idlib.shortnodeid_b2a(peerid)))
+                continue
+
              share = (shnum, seqnum, root_hash)
              current_share_peers.add(shnum, (peerid, seqnum, root_hash) )
author	Brian Warner <warner@allmydata.com>
	Thu, 8 Nov 2007 21:02:36 +0000 (14:02 -0700)
committer	Brian Warner <warner@allmydata.com>
	Thu, 8 Nov 2007 21:02:36 +0000 (14:02 -0700)