github
/
go-libp2p
mirror of https://github.com/libp2p/go-libp2p.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

webtransport: reject listening on a multiaddr with a certhash (#2426)

release-v0290
Marco Munizaga 1 year ago
committed by GitHub
parent
381f23057b
commit
0c8a73c0f1
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      p2p/transport/webtransport/transport.go
  2. 9
      p2p/transport/webtransport/transport_test.go

5
p2p/transport/webtransport/transport.go
View File

@ -295,10 +295,13 @@ func (t *transport) CanDial(addr ma.Multiaddr) bool {
}
func (t *transport) Listen(laddr ma.Multiaddr) (tpt.Listener, error) {
isWebTransport, _ := IsWebtransportMultiaddr(laddr)
isWebTransport, certhashCount := IsWebtransportMultiaddr(laddr)
if !isWebTransport {
return nil, fmt.Errorf("cannot listen on non-WebTransport addr: %s", laddr)
}
if certhashCount > 0 {
return nil, fmt.Errorf("cannot listen on a specific certhash non-WebTransport addr: %s", laddr)
}
if t.staticTLSConf == nil {
t.listenOnce.Do(func() {
t.certManager, t.listenOnceErr = newCertManager(t.privKey, t.clock)

9
p2p/transport/webtransport/transport_test.go
View File

@ -220,14 +220,13 @@ func TestCanDial(t *testing.T) {
func TestListenAddrValidity(t *testing.T) {
valid := []ma.Multiaddr{
ma.StringCast("/ip6/::/udp/0/quic-v1/webtransport/"),
ma.StringCast("/ip4/127.0.0.1/udp/11234/quic-v1/webtransport/"),
}
invalid := []ma.Multiaddr{
ma.StringCast("/ip4/127.0.0.1/udp/11234"), // missing webtransport
ma.StringCast("/ip4/127.0.0.1/udp/11234/webtransport"), // missing quic
ma.StringCast("/ip4/127.0.0.1/tcp/11234/webtransport"), // WebTransport over TCP? Is this a joke?
ma.StringCast("/ip4/127.0.0.1/udp/11234/quic-v1/webtransport/certhash/" + randomMultihash(t)), // We can't listen on a specific certhash
ma.StringCast("/ip4/127.0.0.1/udp/0"), // missing webtransport
ma.StringCast("/ip4/127.0.0.1/udp/0/webtransport"), // missing quic
ma.StringCast("/ip4/127.0.0.1/tcp/0/webtransport"), // WebTransport over TCP? Is this a joke?
ma.StringCast("/ip4/127.0.0.1/udp/0/quic-v1/webtransport/certhash/" + randomMultihash(t)), // We can't listen on a specific certhash
}
_, key := newIdentity(t)

Write Preview
Loading…
Cancel
Save