From 6f3e830b8c25a42ad714a32e60e398bcfc3796f5 Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Sat, 16 Nov 2002 11:16:06 +0000 Subject: [PATCH] Fixed KE Start Payload parsing to check for mandatory fields. --- CHANGES | 9 +++++++++ doc/draft-riikonen-silc-ke-auth-06.nroff | 18 ++++++++++-------- lib/silccrypt/silchmac.c | 2 +- lib/silcske/payload.c | 20 +++++++++++++++----- 4 files changed, 35 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index 59ff6151..3f0ef4ee 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,16 @@ +Sat Nov 16 13:14:45 EET 20022 Pekka Riikonen + + * Fixed the KE Start Payload parsing to check that mandatory + fields are present. Affected file lib/silcske/payload.c. + + * Fixed compilation warnigs in Irssi SILC Client. Affected + files are irssi/src/silc/core/silc-query.c. client_ops.c. + Thu Nov 14 19:33:28 CET 2002 Jochen Eisinger * Print "nick now appears as newnick" and update Irssi's nicklist when you change your nick to "nick". Closes #62 + * Never format your own nick. Closes #63 Thu Nov 14 09:44:54 CET 2002 Jochen Eisinger diff --git a/doc/draft-riikonen-silc-ke-auth-06.nroff b/doc/draft-riikonen-silc-ke-auth-06.nroff index 624fa81e..e5d0b280 100644 --- a/doc/draft-riikonen-silc-ke-auth-06.nroff +++ b/doc/draft-riikonen-silc-ke-auth-06.nroff @@ -339,7 +339,7 @@ o Payload Length (2 bytes) - Length of the entire Key Exchange o Cookie (16 bytes) - Cookie that randomize this payload so that each of the party cannot determine the payload before - hand. + hand. This field MUST be present. o Version String Length (2 bytes) - The length of the Version String field, not including any other field. 
@@ -348,46 +348,48 @@ o Version String (variable length) - Indicates the version of the sender of this payload. Initiator sets this when sending the payload and responder sets this when it replies by sending this payload. See [SILC1] for definition of the version - string format. + string format. This field MUST be present and include valid + version string. o Key Exchange Grp Length (2 bytes) - The length of the key exchange group list, not including any other field. o Key Exchange Group (variable length) - The list of key exchange groups. See the section 2.4 SILC Key Exchange - Groups for definitions of these groups. + Groups for definitions of these groups. This field MUST + be present. o PKCS Alg Length (2 bytes) - The length of the PKCS algorithms list, not including any other field. o PKCS Algorithms (variable length) - The list of PKCS - algorithms. + algorithms. This field MUST be present. o Encryption Alg Length (2 bytes) - The length of the encryption algorithms list, not including any other field. o Encryption Algorithms (variable length) - The list of - encryption algorithms. + encryption algorithms. This field MUST be present. o Hash Alg Length (2 bytes) - The length of the Hash algorithm list, not including any other field. o Hash Algorithms (variable length) - The list of Hash algorithms. The hash algorithms are mainly used in the - SKE protocol. + SKE protocol. This field MUST be present. o HMAC Length (2 bytes) - The length of the HMAC list, not including any other field. o HMACs (variable length) - The list of HMACs. The HMAC's are used to compute the Message Authentication Codes (MAC) - of the SILC packets. + of the SILC packets. This field MUST be present. o Compression Alg Length (2 bytes) - The length of the compression algorithms list, not including any other field. o Compression Algorithms (variable length) - The list of - compression algorithms. + compression algorithms. This field MAY be omitted. .in 3 
diff --git a/lib/silccrypt/silchmac.c b/lib/silccrypt/silchmac.c index e839956e..d2c50121 100644 --- a/lib/silccrypt/silchmac.c +++ b/lib/silccrypt/silchmac.c @@ -185,7 +185,7 @@ bool silc_hmac_unregister_all(void) of the HMAC. If it is NULL then the hash function is allocated and the name of the hash algorithm is derived from the `name'. */ -bool silc_hmac_alloc(char *name, SilcHash hash, SilcHmac *new_hmac) +bool silc_hmac_alloc(const char *name, SilcHash hash, SilcHmac *new_hmac) { SILC_LOG_DEBUG(("Allocating new HMAC")); diff --git a/lib/silcske/payload.c b/lib/silcske/payload.c index eeb22f01..99457a80 100644 --- a/lib/silcske/payload.c +++ b/lib/silcske/payload.c @@ -147,6 +147,16 @@ silc_ske_payload_start_decode(SilcSKE ske, goto err; } + /* Check for mandatory fields */ + if (!payload->cookie || !payload->version_len || + !payload->ke_grp_len || !payload->pkcs_alg_len || + !payload->enc_alg_len || !payload->hash_alg_len || + !payload->hmac_alg_len) { + SILC_LOG_ERROR(("KE Start Payload is missing mandatory fields")); + status = SILC_SKE_STATUS_BAD_PAYLOAD; + goto err; + } + /* Return the payload */ *return_payload = payload; @@ -276,9 +286,9 @@ SilcSKEStatus silc_ske_payload_ke_decode(SilcSKE ske, goto err; } - if (ske->start_payload && - (payload->pk_type < SILC_SKE_PK_TYPE_SILC || - payload->pk_type > SILC_SKE_PK_TYPE_SPKI)) { + if (ske->start_payload && + ((payload->pk_type < SILC_SKE_PK_TYPE_SILC || + payload->pk_type > SILC_SKE_PK_TYPE_SPKI) || !payload->pk_len)) { SILC_LOG_ERROR(("Malformed public key in KE payload")); status = SILC_SKE_STATUS_BAD_PAYLOAD; goto err; @@ -304,8 +314,8 @@ SilcSKEStatus silc_ske_payload_ke_decode(SilcSKE ske, tot_len += x_len + 2; tot_len += payload->sign_len + 2; - if (x_len < 3) { - SILC_LOG_ERROR(("Too short signature in KE Payload")); + if (x_len < 16) { + SILC_LOG_ERROR(("Too short DH value in KE Payload")); status = SILC_SKE_STATUS_BAD_PAYLOAD; goto err; } -- 2.24.0
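Review bot: The added mandatory-field check in silc_ske_payload_start_decode only tests that each length field is non-zero, while the spec text changed in the same commit also requires the Version String to be a *valid* version string; nothing in this hunk validates field contents, so a peer can still send a non-empty but malformed version string or algorithm list. If that validation happens in the caller (the version comparison and the algorithm-list parsing are not visible here), say so next to the check, e.g. `/* Presence only; version string format and list syntax are validated by the caller */`, otherwise the check needs extending. Note also that a payload rejected here comes from a remote, not yet authenticated peer and is reported with SILC_LOG_ERROR; that matches the "Malformed public key" path in the same file, but it does let any peer generate error-level log lines. silc_ske_payload_start_decode begins before this hunk.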
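Review bot: The new `!payload->pk_len` test in silc_ske_payload_ke_decode is nested under `ske->start_payload &&`, so a KE payload carrying a zero-length public key is still accepted when no start payload is recorded, and whether that is intended (the public key being optional on that side) or an oversight is not evident from the hunk. If it is intended, a one-line comment above the condition explaining why public-key type and length are validated only when `ske->start_payload` is set would stop a later reader from "fixing" it; if not, `!payload->pk_len` belongs outside the `ske->start_payload` guard. silc_ske_payload_ke_decode continues outside this hunk.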
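Review bot: The new floor of 16 bytes on x_len is a magic number, far below any realistic Diffie-Hellman public value, and it is not a substitute for the range check 1 < x < p-1 against the negotiated group's prime, which still has to happen wherever x is converted to a big integer (outside this hunk). Name the constant and state what the check does and does not cover, e.g. `if (x_len < SILC_SKE_MIN_DH_VALUE_LEN) { /* sanity floor only; range check against the group prime is done when x is decoded */`. If the negotiated group is already reachable from `ske` at this point, a bound derived from the prime's byte length would reject junk more tightly before any big-number work. silc_ske_payload_ke_decode continues outside this hunk.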