watchtower/wtdb: check tower exists on session create

Before creating a new session, first check that the TowerID that the ClientSession is referencing refers to an existing tower. This is done to prevent the situation where RemoveTower is called right before CreateClientSession is called which would, before this commit, lead to the session being created with a tower ID that does not refer to any existing tower.
2025-09-06 17:47:01 +02:00 · 2022-10-04 15:08:18 +02:00
parent 5dabf7cb3e
commit e150bb83d1
2 changed files with 48 additions and 26 deletions
--- a/watchtower/wtdb/client_db.go
+++ b/watchtower/wtdb/client_db.go
@@ -574,6 +574,11 @@ func (c *ClientDB) CreateClientSession(session *ClientSession) error {
 			return ErrUninitializedDB
 		}

+		towers := tx.ReadBucket(cTowerBkt)
+		if towers == nil {
+			return ErrUninitializedDB
+		}
+
 		// Check that  client session with this session id doesn't
 		// already exist.
 		existingSessionBytes := sessions.NestedReadWriteBucket(
@@ -583,7 +588,13 @@ func (c *ClientDB) CreateClientSession(session *ClientSession) error {
 			return ErrClientSessionAlreadyExists
 		}

+		// Ensure that a tower with the given ID actually exists in the
+		// DB.
 		towerID := session.TowerID
+		if _, err := getTower(towers, towerID.Bytes()); err != nil {
+			return err
+		}
+
 		blobType := session.Policy.BlobType

 		// Check that this tower has a reserved key index.