| side by side (parent:
bdb7922
)
updates
author
Pekka Riikonen
<priikone@silcnet.org>
Mon, 22 Apr 2002 09:05:19 +0000
(09:05 +0000)
committer
Pekka Riikonen
<priikone@silcnet.org>
Mon, 22 Apr 2002 09:05:19 +0000
(09:05 +0000)
doc/draft-riikonen-silc-pp-05.nroff
lib/silccore/silcauth.c
lib/silccore/silcchannel.c
lib/silccore/silcid.c
lib/silccore/silcprivate.c
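--- a/doc/draft-riikonen-silc-pp-05.nroff
+++ b/doc/draft-riikonen-silc-pp-05.nroff
@@ -1707,7 +1707,7 @@ o Message Flags (2 bytes) - Includes the Message Flags of
 Private range for free use.
 o Message Length (2 bytes) - Indicates the length of the
- the Message Data field in the payload, not including any
+ Message Data field in the payload, not including any
 other field.
 o Message Data (variable length) - The actual message to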
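--- a/lib/silccore/silcauth.c
+++ b/lib/silccore/silcauth.c
@@ -68,7 +68,14 @@ SilcAuthPayload silc_auth_payload_parse(const unsigned char *data,
 return NULL;
 }
- if (newp->len != buffer.len) {
+ if (newp->len != buffer.len ||
+ newp->random_len + newp->auth_len > buffer.len - 8) {
+ silc_auth_payload_free(newp);
+ return NULL;
+ }
+
+ /* Authentication data must be provided */
+ if (newp->auth_len < 1) {
 silc_auth_payload_free(newp);
 return NULL;
 }
@@ -379,7 +386,7 @@ bool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
 {
 SILC_LOG_DEBUG(("Verifying authentication"));
- if (auth_method != payload->auth_method)
+ if (!payload || auth_method != payload->auth_method)
 return FALSE;
 switch (payload->auth_method) {
@@ -391,15 +398,12 @@ bool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
 case SILC_AUTH_PASSWORD:
 /* Passphrase based authentication. The `pkcs', `hash', `id' and `type'
 arguments are not needed. */
- /* Carefully check that the auth_data field of the payload is not empty
- (len=0), which seems to be a legal packet but would crash the
- application. Maybe such packet should be dropped. -Johnny 2002/14/4 */
- if ((payload->auth_len == 0) || !auth_data)
- break;
- /* if lengths mismatch, avoid comparing unallocated memory locations */
- if (payload->auth_len != auth_data_len)
+ /* Sanity checks */
+ if ((payload->auth_len == 0) || !auth_data ||
+ payload->auth_len != auth_data_len)
 break;
+
 if (!memcmp(payload->auth_data, auth_data, auth_data_len)) {
 SILC_LOG_DEBUG(("Passphrase Authentication successful"));
 return TRUE;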
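Review bot: The new bound `newp->random_len + newp->auth_len > buffer.len - 8` in silc_auth_payload_parse subtracts from `buffer.len` without first establishing that the buffer holds at least 8 bytes. If `buffer.len` is unsigned (its type is not visible on this page) and no earlier check guarantees the minimum length, a shorter buffer makes the right-hand side wrap to a very large value and the test passes. Putting the fixed size on the left avoids the subtraction: `if (newp->len != buffer.len || 8 + newp->random_len + newp->auth_len > buffer.len) {`. The same subtract-on-the-right form appears in the three silcchannel.c hunks (most exposed in `buffer.len - 6 - mac_len - iv_len`), in silcid.c and in silcprivate.c. The affected functions begin and end outside the hunks shown.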
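--- a/lib/silccore/silcchannel.c
+++ b/lib/silccore/silcchannel.c
@@ -67,8 +67,9 @@ SilcChannelPayload silc_channel_payload_parse(const unsigned char *payload,
 if (ret == -1)
 goto err;
- if ((newp->name_len < 1 || newp->name_len > buffer.len) ||
- (newp->id_len < 1 || newp->id_len > buffer.len)) {
+ if ((newp->name_len < 1 || newp->name_len > buffer.len - 8) ||
+ (newp->id_len < 1 || newp->id_len > buffer.len - 8) ||
+ (newp->id_len + newp->name_len > buffer.len - 8)) {
 SILC_LOG_ERROR(("Incorrect channel payload in packet, packet dropped"));
 goto err;
 }
@@ -373,7 +374,8 @@ silc_channel_message_payload_parse(unsigned char *payload,
 if (ret == -1)
 goto err;
- if (newp->data_len > buffer.len) {
+ if ((newp->data_len > buffer.len - 6 - mac_len - iv_len) ||
+ (newp->pad_len + newp->data_len > buffer.len - 6 - mac_len - iv_len)) {
 SILC_LOG_ERROR(("Incorrect channel message payload in packet, "
 "packet dropped"));
 goto err;
@@ -582,7 +584,8 @@ silc_channel_key_payload_parse(const unsigned char *payload,
 if (ret == -1)
 goto err;
- if (newp->id_len < 1 || newp->key_len < 1 || newp->cipher_len < 1) {
+ if (newp->id_len < 1 || newp->key_len < 1 || newp->cipher_len < 1 ||
+ newp->id_len + newp->cipher_len + newp->key_len > buffer.len - 6) {
 SILC_LOG_ERROR(("Incorrect channel key payload in packet"));
 goto err;
 }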
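Review bot: In silc_channel_payload_parse the two per-field upper bounds (`name_len > buffer.len - 8` and `id_len > buffer.len - 8`) are already implied by the combined test added on the third line, assuming the length fields are unsigned. silc_channel_message_payload_parse likewise tests `data_len` alone and then `pad_len + data_len` against the same expression. Keeping the `< 1` tests and the single sum comparison, with the header size on the left, leaves one place to get the arithmetic right: `if (newp->name_len < 1 || newp->id_len < 1 || 8 + newp->id_len + newp->name_len > buffer.len) {`. A one-line comment stating which fixed-size fields the literals 8 and 6 account for would let a reader check them against the payload layout. All three functions start and continue outside the hunks.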
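--- a/lib/silccore/silcid.c
+++ b/lib/silccore/silcid.c
@@ -67,7 +67,7 @@ SilcIDPayload silc_id_payload_parse(const unsigned char *payload,
 silc_buffer_pull(&buffer, 4);
- if (newp->len > buffer.len || newp->len > SILC_PACKET_MAX_ID_LEN)
+ if (newp->len > buffer.len - 4 || newp->len > SILC_PACKET_MAX_ID_LEN)
 goto err;
 ret = silc_buffer_unformat(&buffer,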
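Review bot: The added `- 4` in `newp->len > buffer.len - 4` looks like it subtracts the header a second time, because `silc_buffer_pull(&buffer, 4);` runs on the line just above the check. If silc_buffer_pull advances past the four header bytes and reduces `buffer.len` accordingly (its definition is not on this page), the remaining length already excludes the header, so a payload whose ID exactly fills the rest of the buffer would now be rejected. A remaining length below 4 would also wrap if the field is unsigned. I would keep the previous comparison, `if (newp->len > buffer.len || newp->len > SILC_PACKET_MAX_ID_LEN)`, or move the check above the pull. silc_id_payload_parse begins and continues outside the hunk.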
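--- a/lib/silccore/silcprivate.c
+++ b/lib/silccore/silcprivate.c
@@ -86,7 +86,7 @@ silc_private_message_payload_parse(unsigned char *payload,
 goto err;
 }
- if ((newp->message_len < 1 || newp->message_len > buffer.len)) {
+ if ((newp->message_len < 1 || newp->message_len > buffer.len - 4)) {
 SILC_LOG_DEBUG(("Incorrect private message payload in packet, "
 "packet dropped"));
 goto err;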