verify peer_id in signed-record matches authenticated sender

2026-02-12 16:10:57 +00:00 · 2025-08-20 18:07:32 +05:30
parent 3aacb3a391
commit 3917d7b596
6 changed files with 49 additions and 21 deletions
--- a/libp2p/kad_dht/provider_store.py
+++ b/libp2p/kad_dht/provider_store.py
@ -286,7 +286,7 @@ class ProviderStore:

            if response.type == Message.MessageType.ADD_PROVIDER:
                # Consume the sender's signed-peer-record if sent
-                if not maybe_consume_signed_record(response, self.host):
+                if not maybe_consume_signed_record(response, self.host, peer_id):
                    logger.error(
                        "Received an invalid-signed-record, ignoring the response"
                    )
@ -432,7 +432,7 @@ class ProviderStore:
                    return []

                # Consume the sender's signed-peer-record if sent
-                if not maybe_consume_signed_record(response, self.host):
+                if not maybe_consume_signed_record(response, self.host, peer_id):
                    logger.error(
                        "Recieved an invalid-signed-record, ignoring the response"
                    )
@ -442,7 +442,8 @@ class ProviderStore:
                providers = []
                for provider_proto in response.providerPeers:
                    try:
-                        # Consume the provider's signed-peer-record if sent
+                        # Consume the provider's signed-peer-record if sent, peer-id
+                        # already sent with the provider-proto
                        if not maybe_consume_signed_record(provider_proto, self.host):
                            logger.error(
                                "Recieved an invalid-signed-record, "