projects / silc.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fixed passphrase authentication as responder.
[silc.git] / lib / silcske / silcconnauth.c
diff --git a/lib/silcske/silcconnauth.c b/lib/silcske/silcconnauth.c
index e7b41c55e6b6b36f042db9d3b221b44ba45b8b0e..97fdd1668b47d4452e5e8a86d95223f2defb8f11 100644 (file)
--- a/lib/silcske/silcconnauth.c
+++ b/lib/silcske/silcconnauth.c
@@ -384,8 +384,13 @@ SILC_FSM_STATE(silc_connauth_st_initiator_failure)
     SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
     silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 
+    silc_packet_stream_unlink(connauth->ske->stream,
+                             &silc_connauth_stream_cbs, connauth);
+    silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
+
     /* Call completion callback */
     connauth->completion(connauth, FALSE, connauth->context);
+    return SILC_FSM_FINISH;
   }
 
   silc_packet_stream_unlink(connauth->ske->stream,
@@ -560,7 +565,8 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
   /* Passphrase authentication */
   if (passphrase && passphrase_len) {
     SILC_LOG_DEBUG(("Passphrase authentication"));
-    if (!memcmp(auth_data, passphrase, passphrase_len)) {
+    if (!auth_data || payload_len != passphrase_len ||
+       memcmp(auth_data, passphrase, passphrase_len)) {
       /** Authentication failed */
       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
       return SILC_FSM_CONTINUE;
@@ -571,6 +577,12 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
 
     SILC_LOG_DEBUG(("Digital signature authentication"));
 
+    if (!auth_data) {
+      /** Authentication failed */
+      silc_fsm_next(fsm, silc_connauth_st_responder_failure);
+      return SILC_FSM_CONTINUE;
+    }
+
     connauth->auth_data = silc_memdup(auth_data, payload_len);
     connauth->auth_data_len = payload_len;
 
@@ -654,13 +666,13 @@ SILC_FSM_STATE(silc_connauth_st_responder_success)
   SILC_PUT32_MSB(SILC_AUTH_OK, tmp);
   silc_packet_send(connauth->ske->stream, SILC_PACKET_SUCCESS, 0, tmp, 4);
 
-  /* Call completion callback */
-  connauth->completion(connauth, TRUE, connauth->context);
-
   silc_packet_stream_unlink(connauth->ske->stream,
                            &silc_connauth_stream_cbs, connauth);
   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 
+  /* Call completion callback */
+  connauth->completion(connauth, TRUE, connauth->context);
+
   return SILC_FSM_FINISH;
 }
 
@@ -676,8 +688,14 @@ SILC_FSM_STATE(silc_connauth_st_responder_failure)
     SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
     silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 
+    silc_packet_stream_unlink(connauth->ske->stream,
+                             &silc_connauth_stream_cbs, connauth);
+    silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
+
     /* Call completion callback */
     connauth->completion(connauth, FALSE, connauth->context);
+
+    return SILC_FSM_FINISH;
   }
 
   silc_packet_stream_unlink(connauth->ske->stream,
SILC - Secure Internet Live Conferencing