The authentication protocol allows an oracle attack that could
potentially be exploited. This commit contains several mitigations:
- Connections are no longer closed immediately on error, but put in
a "tarpit".
- The authentication protocol now requires a valid CHAL_REPLY from the
initiator of a connection before sending a CHAL_REPLY of its own.
- Only a limited amount of connections per second are accepted.
- Null ciphers or digests are no longer allowed in METAKEYs.
- Connections that claim to have the same name as the local node are
rejected.
projects / tinc / commitdiff