hotfix: blacklist middle 36.6

2025-06-08 05:57:03 +09:00 · 2024-11-01 18:39:22 +01:00 · 2024-11-01 18:39:22 +01:00 · 334f99f9b5
commit 334f99f9b5
parent 5e3780958e
2 changed files with 41 additions and 5 deletions
--- a/net/secureservice/credential.go
+++ b/net/secureservice/credential.go
@ -1,12 +1,15 @@
 package secureservice
 import (
 	"strings"
 	"go.uber.org/zap"
 	"golang.org/x/exp/slices"
 	"github.com/anyproto/any-sync/commonspace/object/accountdata"
 	"github.com/anyproto/any-sync/net/secureservice/handshake"
 	"github.com/anyproto/any-sync/net/secureservice/handshake/handshakeproto"
 	"github.com/anyproto/any-sync/util/crypto"
 	"go.uber.org/zap"
 	"golang.org/x/exp/slices"
 )
 func newNoVerifyChecker(protoVersion uint32, compatibleProtoVersions []uint32, clientVersion string) handshake.CredentialChecker {
@ -34,6 +37,11 @@ func (n noVerifyChecker) CheckCredential(remotePeerId string, cred *handshakepro
 		err = handshake.ErrIncompatibleVersion
 		return
 	}
 	// Hotfix for a bad version
 	if strings.Contains(cred.ClientVersion, "middle:v0.36.6") {
 		err = handshake.ErrIncompatibleVersion
 		return
 	}
 	return handshake.Result{
 		ProtoVersion:  cred.Version,
 		ClientVersion: cred.ClientVersion,
@ -103,6 +111,11 @@ func (p *peerSignVerifier) CheckCredential(remotePeerId string, cred *handshakep
 		err = handshake.ErrInvalidCredentials
 		return
 	}
 	// Hotfix for a bad version
 	if strings.Contains(cred.ClientVersion, "middle:v0.36.6") {
 		err = handshake.ErrIncompatibleVersion
 		return
 	}
 	return handshake.Result{
 		Identity:      msg.Identity,
 		ProtoVersion:  cred.Version,
--- a/net/secureservice/credential_test.go
+++ b/net/secureservice/credential_test.go
@ -1,12 +1,14 @@
 package secureservice
 import (
 	"testing"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/anyproto/any-sync/commonspace/object/accountdata"
 	"github.com/anyproto/any-sync/net/secureservice/handshake"
 	"github.com/anyproto/any-sync/testutil/accounttest"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"testing"
 )
 func TestPeerSignVerifier_CheckCredential(t *testing.T) {
@ -58,6 +60,27 @@ func TestIncompatibleVersion(t *testing.T) {
 	assert.EqualError(t, err, handshake.ErrInvalidCredentials.Error())
 }
 func TestIncompatibleVersion_Issue4423(t *testing.T) {
 	a1 := newTestAccData(t)
 	a2 := newTestAccData(t)
 	identity2, _ := a2.SignKey.GetPublic().Marshall()
 	cc1 := newPeerSignVerifier(1, []uint32{1}, "Linux:0.43.3/middle:v0.36.6/any-sync:v0.5.11", a1)
 	cc2 := newPeerSignVerifier(1, []uint32{1}, "test:v1", a2)
 	c1 := a2.PeerId
 	c2 := a1.PeerId
 	cr1 := cc1.MakeCredentials(c1)
 	cr2 := cc2.MakeCredentials(c2)
 	res, err := cc1.CheckCredential(c1, cr2)
 	assert.NoError(t, err)
 	assert.Equal(t, identity2, res.Identity)
 	_, err = cc2.CheckCredential(c2, cr1)
 	assert.ErrorIs(t, err, handshake.ErrIncompatibleVersion)
 }
 func newTestAccData(t *testing.T) *accountdata.AccountKeys {
 	as := accounttest.AccountTestService{}
 	require.NoError(t, as.Init(nil))