rbxii3/firmware
1
0
Fork 0
mirror of https://github.com/meshtastic/firmware.git synced 2025-12-14 06:42:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix NodeInfo exploit overwriting publicKey in NodeDB (#6372)

Browse Source 
Co-authored-by: dfsx1 <dfsx1@users.noreply.github.com>
This commit is contained in:
dfsx1
2025-03-23 10:49:06 +00:00
committed by GitHub
parent 1e4a0134e6
commit cf7f0f9d08
1 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/mesh/NodeDB.cpp
View File

@@ -1437,13 +1437,14 @@ bool NodeDB::updateUser(uint32_t nodeId, meshtastic_User &p, uint8_t channelInde
#if !(MESHTASTIC_EXCLUDE_PKI)
if (p.public_key.size > 0) {
printBytes("Incoming Pubkey: ", p.public_key.bytes, 32);
if (info->user.public_key.size > 0) { // if we have a key for this user already, don't overwrite with a new one
LOG_INFO("Public Key set for node, not updating!");
// we copy the key into the incoming packet, to prevent overwrite
memcpy(p.public_key.bytes, info->user.public_key.bytes, 32);
} else {
LOG_INFO("Update Node Pubkey!");
}
}
if (info->user.public_key.size > 0) { // if we have a key for this user already, don't overwrite with a new one
LOG_INFO("Public Key set for node, not updating!");
// we copy the key into the incoming packet, to prevent overwrite
p.public_key.size = 32;
memcpy(p.public_key.bytes, info->user.public_key.bytes, 32);
} else if (p.public_key.size > 0) {
LOG_INFO("Update Node Pubkey!");
}
#endif