From 897338b79013bf8caea58bcad5673b179f581521 Mon Sep 17 00:00:00 2001
From: zzz <zzz@i2pmail.org>
Date: Fri, 24 Jun 2022 16:56:47 -0400
Subject: [PATCH] SSU2: Add checks of peer test msg 1 IP/port

---
 .../i2p/router/transport/udp/PeerTestManager.java | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/router/java/src/net/i2p/router/transport/udp/PeerTestManager.java b/router/java/src/net/i2p/router/transport/udp/PeerTestManager.java
index 6242f26696..e1bb090b64 100644
--- a/router/java/src/net/i2p/router/transport/udp/PeerTestManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/PeerTestManager.java
@@ -1055,6 +1055,21 @@ class PeerTestManager {
                         _log.warn("Msg 1 status " + status);
                     return;
                 }
+                // IP/port checks
+                if (testIP == null ||
+                    isIPv6 != fromPeer.isIPv6() ||
+                    !TransportUtil.isValidPort(testPort) ||
+                    !_transport.isValid(testIP) ||
+                    _transport.isTooClose(testIP) ||
+                    // exact match for IPv4, /64 for IPv6
+                    !DataHelper.eq(fromPeer.getRemoteIP(), 0, testIP, 0, isIPv6 ? 8 : 4)) {
+                    if (_log.shouldWarn())
+                        _log.warn("Invalid PeerTest address: " + Addresses.toString(testIP, testPort));
+                    UDPPacket packet = _packetBuilder2.buildPeerTestToAlice(SSU2Util.TEST_REJECT_BOB_ADDRESS,
+                                                                            Hash.FAKE_HASH, data, fromPeer);
+                    _transport.send(packet);
+                    return;
+                }
                 Hash alice = fromPeer.getRemotePeer();
                 RouterInfo aliceRI = _context.netDb().lookupRouterInfoLocally(alice);
                 if (aliceRI == null) {
-- 
GitLab