From a17df0f63c87b1547c5ac1edfa12e16e1bbd6505 Mon Sep 17 00:00:00 2001 From: Patrik Weiskircher Date: Sun, 30 Nov 2003 17:50:46 +0000 Subject: [PATCH] Fixed signed channel messages across cells. --- CHANGES | 5 +++++ apps/silcd/packet_send.c | 21 ++++++++++++++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 3e545b2f..c4953d67 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +Sun Nov 30 19:47:02 CET 2003 Patrik Weiskircher + + * Fixed signed channel messages across cells. Affected file + silcd/packet_send.c + Fri Nov 28 19:13:21 EET 2003 Pekka Riikonen * Changed the SILC_LOG_* macros to not be empty if SILC_DEBUG diff --git a/apps/silcd/packet_send.c b/apps/silcd/packet_send.c index 454b6b5e..317168e4 100644 --- a/apps/silcd/packet_send.c +++ b/apps/silcd/packet_send.c @@ -759,6 +759,7 @@ silc_server_packet_relay_to_channel_encrypt(SilcServer server, { SilcUInt32 mac_len, iv_len; unsigned char iv[SILC_CIPHER_MAX_IV_SIZE]; + SilcUInt16 totlen, len; /* If we are router and the packet came from router and private key has not been set for the channel then we must encrypt the packet @@ -784,10 +785,24 @@ silc_server_packet_relay_to_channel_encrypt(SilcServer server, return FALSE; } + totlen = 2; + SILC_GET16_MSB(len, data + totlen); + totlen += 2 + len; + if (totlen + iv_len + mac_len + 2 > data_len) { + SILC_LOG_WARNING(("Corrupted channel message, cannot relay it")); + return FALSE; + } + SILC_GET16_MSB(len, data + totlen); + totlen += 2 + len; + if (totlen + iv_len + mac_len > data_len) { + SILC_LOG_WARNING(("Corrupted channel message, cannot relay it")); + return FALSE; + } + memcpy(iv, data + (data_len - iv_len - mac_len), iv_len); - silc_message_payload_encrypt(data, data_len - iv_len - mac_len, - data_len - mac_len, iv, iv_len, - channel->channel_key, channel->hmac); + silc_message_payload_encrypt(data, totlen, data_len - mac_len, + iv, iv_len, channel->channel_key, + channel->hmac); } return TRUE; -- 2.43.0