diff --git a/Cargo.lock b/Cargo.lock index 4c12e6fb9843..b3d1cd0d76df 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2687,7 +2687,7 @@ dependencies = [ [[package]] name = "libp2p-autonat" -version = "0.13.0" +version = "0.13.1" dependencies = [ "async-std", "async-trait", diff --git a/protocols/autonat/CHANGELOG.md b/protocols/autonat/CHANGELOG.md index e171412aa586..f1aeda6ac183 100644 --- a/protocols/autonat/CHANGELOG.md +++ b/protocols/autonat/CHANGELOG.md @@ -1,3 +1,6 @@ +## 0.13.1 +- Verify that an incoming AutoNAT dial comes from a connected peer. See [PR 5597](https://github.com/libp2p/rust-libp2p/pull/5597). + ## 0.13.0 - Due to the refactor of `Transport` it's no longer required to create a seperate transport for diff --git a/protocols/autonat/Cargo.toml b/protocols/autonat/Cargo.toml index 2c01d18dceb0..0c0e757641df 100644 --- a/protocols/autonat/Cargo.toml +++ b/protocols/autonat/Cargo.toml @@ -3,7 +3,7 @@ name = "libp2p-autonat" edition = "2021" rust-version = { workspace = true } description = "NAT and firewall detection for libp2p" -version = "0.13.0" +version = "0.13.1" authors = ["David Craven ", "Elena Frank ", "Hannes Furmans "] license = "MIT" repository = "https://github.com/libp2p/rust-libp2p" diff --git a/protocols/autonat/src/v1/behaviour/as_server.rs b/protocols/autonat/src/v1/behaviour/as_server.rs index 3ecdd3ac26e8..1289bd53d24c 100644 --- a/protocols/autonat/src/v1/behaviour/as_server.rs +++ b/protocols/autonat/src/v1/behaviour/as_server.rs @@ -107,6 +107,21 @@ impl<'a> HandleInnerEvent for AsServer<'a> { }, } => { let probe_id = self.probe_id.next(); + if !self.connected.contains_key(&peer) { + tracing::debug!( + %peer, + "Reject inbound dial request from peer since it is not connected" + ); + + return VecDeque::from([ToSwarm::GenerateEvent(Event::InboundProbe( + InboundProbeEvent::Error { + probe_id, + peer, + error: InboundProbeError::Response(ResponseError::DialRefused), + }, + ))]); + } + match self.resolve_inbound_request(peer, request) { Ok(addrs) => { tracing::debug!(