From 244f37179cb20b1ebec420da5b315ecf8ac0db40 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@gmail.com>
Date: Mon, 5 Dec 2016 16:09:42 -0800
Subject: Minor security: lock roots to only be reachable via World IPs.

---
 node/Node.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'node/Node.cpp')

diff --git a/node/Node.cpp b/node/Node.cpp
index 11f76365..ed60817f 100644
--- a/node/Node.cpp
+++ b/node/Node.cpp
@@ -633,6 +633,9 @@ bool Node::shouldUsePathForZeroTierTraffic(const Address &ztaddr,const InetAddre
 	if (!Path::isAddressValidForPath(remoteAddress))
 		return false;
 
+	if (RR->topology->isProhibitedEndpoint(ztaddr,remoteAddress))
+		return false;
+
 	{
 		Mutex::Lock _l(_networks_m);
 		for(std::vector< std::pair< uint64_t, SharedPtr<Network> > >::const_iterator i=_networks.begin();i!=_networks.end();++i) {
-- 
cgit v1.2.3