-rw-r--r--controller/SqliteNetworkController.cpp9
-rw-r--r--node/Network.cpp30
2 files changed, 28 insertions, 11 deletions
diff --git a/controller/SqliteNetworkController.cpp b/controller/SqliteNetworkController.cpp
index d77e06d8..eb8e399b 100644
--- a/controller/SqliteNetworkController.cpp
+++ b/controller/SqliteNetworkController.cpp
@@ -1158,7 +1158,14 @@ unsigned int SqliteNetworkController::_doCPGet(
sqlite3_bind_text(_sGetIpAssignmentsForNode2,2,addrs,10,SQLITE_STATIC);
bool firstIp = true;
while (sqlite3_step(_sGetIpAssignmentsForNode2) == SQLITE_ROW) {
- InetAddress ip((const void *)sqlite3_column_blob(_sGetIpAssignmentsForNode2,0),(sqlite3_column_int(_sGetIpAssignmentsForNode2,2) == 6) ? 16 : 4,(unsigned int)sqlite3_column_int(_sGetIpAssignmentPools2,1));
+ int ipversion = sqlite3_column_int(_sGetIpAssignmentsForNode2,2);
+ char ipBlob[16];
+ memcpy(ipBlob,(const void *)sqlite3_column_blob(_sGetIpAssignmentsForNode2,0),16);
+ InetAddress ip(
+ (const void *)(ipversion == 6 ? ipBlob : &ipBlob[12]),
+ (ipversion == 6 ? 16 : 4),
+ (unsigned int)sqlite3_column_int(_sGetIpAssignmentsForNode2,1)
+ );
responseBody.append(firstIp ? "\"" : ",\"");
firstIp = false;
responseBody.append(_jsonEscape(ip.toString()));
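Review bot: The new `memcpy(ipBlob,...,16)` copies a fixed 16 bytes from the result of `sqlite3_column_blob()` without checking it. That pointer is NULL for a NULL column, and a stored blob can be shorter than 16 bytes, so a malformed row would cause a NULL dereference or an out-of-bounds read while the response is being built. Fetch the pointer first and skip rows that do not hold a full address, e.g. `const void *blob = sqlite3_column_blob(_sGetIpAssignmentsForNode2,0);` followed by `if ((!blob)||(sqlite3_column_bytes(_sGetIpAssignmentsForNode2,0) < 16)) continue;`. Any `ipversion` other than 6 is also silently treated as IPv4, which deserves an explicit check or a one-line comment. `_doCPGet` starts and ends outside the hunk.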
diff --git a/node/Network.cpp b/node/Network.cpp
index d5dc7d58..c072e978 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -286,18 +286,28 @@ void Network::addMembershipCertificate(const CertificateOfMembership &cert,bool
return;
}
- SharedPtr<Peer> signer(RR->topology->getPeer(cert.signedBy()));
+ if (cert.signedBy() == RR->identity.address()) {
+ // We are the controller: RR->identity.address() == controller() == cert.signedBy()
+ // So, verify that we signed th cert ourself
+ if (!cert.verify(RR->identity)) {
+ TRACE("rejected network membership certificate for %.16llx self signed by %s: signature check failed",(unsigned long long)_id,cert.signedBy().toString().c_str());
+ return;
+ }
+ } else {
- if (!signer) {
- // This would be rather odd, since this is our controller... could happen
- // if we get packets before we've gotten config.
- RR->sw->requestWhois(cert.signedBy());
- return;
- }
+ SharedPtr<Peer> signer(RR->topology->getPeer(cert.signedBy()));
- if (!cert.verify(signer->identity())) {
- TRACE("rejected network membership certificate for %.16llx signed by %s: signature check failed",(unsigned long long)_id,cert.signedBy().toString().c_str());
- return;
+ if (!signer) {
+ // This would be rather odd, since this is our controller... could happen
+ // if we get packets before we've gotten config.
+ RR->sw->requestWhois(cert.signedBy());
+ return;
+ }
+
+ if (!cert.verify(signer->identity())) {
+ TRACE("rejected network membership certificate for %.16llx signed by %s: signature check failed",(unsigned long long)_id,cert.signedBy().toString().c_str());
+ return;
+ }
}
}
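Review bot: The comment in the new self-signed branch asserts `RR->identity.address() == controller() == cert.signedBy()`, but nothing in this hunk establishes that `cert.signedBy()` equals `controller()`. That presumably comes from the early return just above, which lies outside the hunk. Because this branch decides which key a membership certificate is verified against, the comment should name that precondition instead of restating it as fact, e.g. `// Relies on the signedBy()/controller() check above: we are the controller, so verify against our own identity` (this also fixes the "th cert ourself" typo). The two branches repeat the same verify/TRACE/return sequence. Selecting the identity first and calling `cert.verify()` once would leave a single rejection path to audit. The function starts outside the hunk.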