From 72527f4d33e098230381cfc14097161eef7c6b8d Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Tue, 1 Dec 2015 20:11:07 +0000
Subject: [PATCH] SSU: Allow IP and port in relay request if it matches the
 source

---
 .../transport/udp/IntroductionManager.java    | 32 ++++++++++++++++---
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java b/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
index 9bc2bfd72a..5e644ec244 100644
--- a/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
@@ -3,6 +3,7 @@ package net.i2p.router.transport.udp;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
@@ -440,12 +441,33 @@ class IntroductionManager {
         // and we don't read it here.
         // FIXME implement for getting Alice's IPv4 in RelayRequest sent over IPv6?
         // or is that just too easy to spoof?
-        if (!isValid(alice.getIP(), alice.getPort()) || ipSize != 0 || port != 0) {
-            if (_log.shouldLog(Log.WARN)) {
-                byte ip[] = new byte[ipSize];
-                rrReader.readIP(ip, 0);
-                _log.warn("Bad relay req from " + alice + " for " + Addresses.toString(ip, port));
+        byte[] aliceIP = alice.getIP();
+        int alicePort = alice.getPort();
+        if (!isValid(alice.getIP(), alice.getPort())) {
+            if (_log.shouldWarn())
+                _log.warn("Bad relay req from " + alice + " for " + Addresses.toString(aliceIP, alicePort));
+            _context.statManager().addRateData("udp.relayBadIP", 1);
+            return;
+        }
+        // prior to 0.9.24 we rejected any non-zero-length ip
+        // here we reject anything different
+        // TODO relay request over IPv6
+        if (ipSize != 0) {
+            byte ip[] = new byte[ipSize];
+            rrReader.readIP(ip, 0);
+            if (!Arrays.equals(aliceIP, ip)) {
+                if (_log.shouldWarn())
+                    _log.warn("Bad relay req from " + alice + " for " + Addresses.toString(ip, port));
+                _context.statManager().addRateData("udp.relayBadIP", 1);
+                return;
             }
+        }
+        // prior to 0.9.24 we rejected any nonzero port
+        // here we reject anything different
+        // TODO relay request over IPv6
+        if (port != 0 && port != alicePort) {
+            if (_log.shouldWarn())
+                _log.warn("Bad relay req from " + alice + " for " + Addresses.toString(aliceIP, port));
             _context.statManager().addRateData("udp.relayBadIP", 1);
             return;
         }
-- 
GitLab