reject packets with the wrong connection ID in the client

2017-09-20 09:27:37 +07:00
parent 5a94b2034c
commit 84f3ec5343
2 changed files with 47 additions and 19 deletions
--- a/client.go
+++ b/client.go
@@ -38,6 +38,8 @@ type client struct {
 }

 var (
+	// make it possible to mock connection ID generation in the tests
+	generateConnectionID         = utils.GenerateConnectionID
 	errCloseSessionForNewVersion = errors.New("closing session in order to recreate it with a new version")
 )

@@ -82,7 +84,7 @@ func DialNonFWSecure(
 	tlsConf *tls.Config,
 	config *Config,
 ) (NonFWSession, error) {
-	connID, err := utils.GenerateConnectionID()
+	connID, err := generateConnectionID()
 	if err != nil {
 		return nil, err
 	}
@@ -257,6 +259,10 @@ func (c *client) handlePacket(remoteAddr net.Addr, packet []byte) {
 	if hdr.TruncateConnectionID && !c.config.RequestConnectionIDTruncation {
 		return
 	}
+	// reject packets with the wrong connection ID
+	if !hdr.TruncateConnectionID && hdr.ConnectionID != c.connectionID {
+		return
+	}
 	hdr.Raw = packet[:len(packet)-r.Len()]

 	c.mutex.Lock()