Skip to content

Drop NodeInfo packets if the is_licensed bit doesn't match owner #7361

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
thebentern merged 1 commit into from
Jul 16, 2025
Merged

Drop NodeInfo packets if the is_licensed bit doesn't match owner #7361

thebentern merged 1 commit into from
Jul 16, 2025

Conversation

@jp-bennett
Copy link
Collaborator

@jp-bennett jp-bennett commented Jul 16, 2025

While triaging other issues, it became apparent that we accept invalid NodeInfo packets, regarding is_licensed. Closing that loophole

@jp-bennett jp-bennett requested a review from thebentern July 16, 2025 17:58
@thebentern thebentern requested a review from Copilot July 16, 2025 18:10
Copilot AI reviewed Jul 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a validation step to drop incoming NodeInfo packets when the is_licensed flag doesn’t match the local owner’s flag, preventing acceptance of invalid packets.

  • Introduce a guard in handleReceivedProtobuf to compare p.is_licensed with owner.is_licensed
  • Log a warning and return early to drop mismatched packets
Comments suppressed due to low confidence (1)

src/modules/NodeInfoModule.cpp:17

  • There should be unit or integration tests covering both matching and mismatching is_licensed scenarios to verify that packets are correctly accepted or dropped.
    if (p.is_licensed != owner.is_licensed) {

@thebentern thebentern merged commit c3b2b47 into master Jul 16, 2025
52 checks passed
@thebentern thebentern deleted the is_licensed-desync branch July 16, 2025 21:05
oscgonfer pushed a commit to fablabbcn/smartcitizen-meshtastic that referenced this pull request Jul 22, 2025
@jp-bennett @oscgonfer
Drop NodeInfo packets if the is_licensed bit doesn't match owner (mes…
6be4290 
…htastic#7361)
oscgonfer pushed a commit to fablabbcn/smartcitizen-meshtastic that referenced this pull request Jul 23, 2025
@jp-bennett @oscgonfer
Drop NodeInfo packets if the is_licensed bit doesn't match owner (mes…
38c0d78 
…htastic#7361)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@thebentern thebentern Awaiting requested review from thebentern

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jp-bennett @thebentern