From 365b9053ecb758b4a3ee47b6c9eb6517a77a19ee Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Sun, 28 Jun 2020 14:56:08 +0000
Subject: [PATCH] NetDB: Check signature in verify Remove null checks, _target
 can't be null

---
 core/java/src/net/i2p/data/DatabaseEntry.java    |  3 ++-
 .../kademlia/FloodfillVerifyStoreJob.java        | 16 ++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/core/java/src/net/i2p/data/DatabaseEntry.java b/core/java/src/net/i2p/data/DatabaseEntry.java
index 77638daa0a..6b4f25d2b7 100644
--- a/core/java/src/net/i2p/data/DatabaseEntry.java
+++ b/core/java/src/net/i2p/data/DatabaseEntry.java
@@ -231,8 +231,9 @@ public abstract class DatabaseEntry extends DataStructureImpl {
      * This is the same as isValid() in RouterInfo
      * or verifySignature() in LeaseSet.
      * @return valid
+     * @since public since 0.9.47, was protected
      */
-    protected boolean verifySignature() {
+    public boolean verifySignature() {
         if (_signature == null)
             return false;
         byte data[];
diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java b/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
index a48622bd4a..2edc95ddfe 100644
--- a/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
@@ -35,7 +35,7 @@ import net.i2p.util.Log;
 class FloodfillVerifyStoreJob extends JobImpl {
     private final Log _log;
     private final Hash _key, _client;
-    private Hash _target;
+    private volatile Hash _target;
     private final Hash _sentTo;
     private final FloodfillNetworkDatabaseFacade _facade;
     private long _expiration;
@@ -329,6 +329,15 @@ class FloodfillVerifyStoreJob extends JobImpl {
                 // Verify it's as recent as the one we sent
                 DatabaseStoreMessage dsm = (DatabaseStoreMessage)_message;
                 DatabaseEntry entry = dsm.getEntry();
+                if (!entry.verifySignature()) {
+                    if (_log.shouldWarn())
+                        _log.warn(getJobId() + ": Sent bad data for verify: " + _target);
+                    pm.dbLookupFailed(_target);
+                    ctx.banlist().banlistRouterForever(_target, "Sent bad netdb data");
+                    ctx.statManager().addRateData("netDb.floodfillVerifyFail", delay);
+                    resend();
+                    return;
+                }
                 long newDate;
                 boolean success;
                 if (_isLS2 &&
@@ -376,7 +385,7 @@ class FloodfillVerifyStoreJob extends JobImpl {
             // but we have to use one of them to affect the FloodfillPeerSelector ordering.
             // If we don't do this we get stuck using the same verify peer every time even
             // though it is the real problem.
-            if (_target != null && !_target.equals(_sentTo))
+            if (!_target.equals(_sentTo))
                 pm.dbLookupFailed(_target);
             ctx.statManager().addRateData("netDb.floodfillVerifyFail", delay);
             resend();
@@ -416,8 +425,7 @@ class FloodfillVerifyStoreJob extends JobImpl {
             Set<Hash> toSkip = new HashSet<Hash>(2);
             if (_sentTo != null)
                 toSkip.add(_sentTo);
-            if (_target != null)
-                toSkip.add(_target);
+            toSkip.add(_target);
             if (_log.shouldWarn())
                 _log.warn(getJobId() + ": Verify failed, starting new store for: " + _key);
             _facade.sendStore(_key, ds, null, null, FloodfillNetworkDatabaseFacade.PUBLISH_TIMEOUT, toSkip);
-- 
GitLab