{
SilcBuffer buffer;
SilcUInt32 len;
- unsigned char *autf8 = NULL;
- SilcUInt32 autf8_len;
SILC_LOG_DEBUG(("Encoding Authentication Payload"));
- /* Passphrase MUST be UTF-8 encoded, encode if it is not */
- if (method == SILC_AUTH_PASSWORD && !silc_utf8_valid(auth_data, auth_len)) {
- autf8_len = silc_utf8_encoded_len(auth_data, auth_len, 0);
- if (!autf8_len)
- return NULL;
- autf8 = silc_calloc(autf8_len, sizeof(*autf8));
- auth_len = silc_utf8_encode(auth_data, auth_len, 0, autf8, autf8_len);
- auth_data = (const unsigned char *)autf8;
- }
-
len = 2 + 2 + 2 + random_len + 2 + auth_len;
buffer = silc_buffer_alloc_size(len);
- if (!buffer) {
- silc_free(autf8);
+ if (!buffer)
return NULL;
- }
-
silc_buffer_format(buffer,
SILC_STR_UI_SHORT(len),
SILC_STR_UI_SHORT(method),
SILC_STR_UI_XNSTRING(auth_data, auth_len),
SILC_STR_END);
- silc_free(autf8);
return buffer;
}
return payload->auth_method;
}
-/* Get the authentication data. If this is passphrase it is UTF-8 encoded. */
+/* Get the authentication data */
unsigned char *silc_auth_get_data(SilcAuthPayload payload,
SilcUInt32 *auth_len)
case SILC_AUTH_PASSWORD:
/* Passphrase based authentication. The `pkcs', `hash', `id' and `type'
arguments are not needed. */
+ /* Carefully check that the auth_data field of the payload is not empty
+ (len=0), which seems to be a legal packet but would crash the
+ application. Maybe such packet should be dropped. -Johnny 2002/14/4 */
+ if ((payload->auth_len == 0) || !auth_data)
+ break;
+
+ /* if lengths mismatch, avoid comparing unallocated memory locations */
+ if (payload->auth_len != auth_data_len)
+ break;
if (!memcmp(payload->auth_data, auth_data, auth_data_len)) {
- SILC_LOG_DEBUG(("Authentication successful"));
+ SILC_LOG_DEBUG(("Passphrase Authentication successful"));
return TRUE;
}
break;
/* Same as above but parses the authentication payload before verify. */
-bool silc_auth_verify_data(const unsigned char *payload,
- SilcUInt32 payload_len,
+bool silc_auth_verify_data(const unsigned char *payload, SilcUInt32 payload_len,
SilcAuthMethod auth_method, const void *auth_data,
SilcUInt32 auth_data_len, SilcHash hash,
const void *id, SilcIdType type)