ca23a4406c
The sequence number used for replay detection was being updated before message validation confirmed that the message originated from the correct host. This would allow one host A to create a message with the ID of another host B that could then update the cached sequence number for B. While the message from A would fail validation and be ignored, the cached sequence number for B would get updated. This would lead to a temporary DoS for host B as its messages were incorrectly rejected as replays. This fixes the issue by setting the cached sequence number after message validation. |
||
|---|---|---|
| .. | ||
| ratelimit | ||
| incoming_test.go | ||
| incoming.go | ||