Gossip: Fix connection leak when spoofing detected

yacovm · yacovm · commit cba76618dc10 · 2017-03-21T15:57:47.000+02:00
In gossip, when a peer sends a message to a remote peer, it specifies
its PKI-ID in order for the layers above the comm layer to be sure
the peer on the other side has the identity that the current peer
thinks the peer on the other side has.

In case the handshake succeeds, but the PKI-ID of the remote peer
is detected to be different than the expected PKI-ID, the connection
creation attempt aborts but it doesn't close the gRPC connection-
which leads to a connection leak.

Change-Id: Ic8d247ccbc02da3018a27770cffa5173c76a6ae4
Signed-off-by: Yacov Manevich &lt;yacovm@il.ibm.com&gt;
diff --git a/gossip/comm/comm_impl.go b/gossip/comm/comm_impl.go
@@ -197,6 +197,7 @@ func (c *commImpl) createConnection(endpoint string, expectedPKIID common.PKIidT
 			if expectedPKIID != nil && !bytes.Equal(pkiID, expectedPKIID) {
 				// PKIID is nil when we don't know the remote PKI id's
 				c.logger.Warning("Remote endpoint claims to be a different peer, expected", expectedPKIID, "but got", pkiID)
+				cc.Close()
 				return nil, errors.New("Authentication failure")
 			}
 			conn := newConnection(cl, cc, stream, nil)

Original file line number	Diff line number	Diff line change
`@@ -197,6 +197,7 @@ func (c *commImpl) createConnection(endpoint string, expectedPKIID common.PKIidT`
`197`	`197`	`if expectedPKIID != nil && !bytes.Equal(pkiID, expectedPKIID) {`
`198`	`198`	`// PKIID is nil when we don't know the remote PKI id's`
`199`	`199`	`c.logger.Warning("Remote endpoint claims to be a different peer, expected", expectedPKIID, "but got", pkiID)`
	`200`	`+ cc.Close()`
`200`	`201`	`return nil, errors.New("Authentication failure")`
`201`	`202`	`}`
`202`	`203`	`conn := newConnection(cl, cc, stream, nil)`