Merged from silc_1_0_branch.

[silc.git] / lib / silcske / payload.c

diff --git a/lib/silcske/payload.c b/lib/silcske/payload.c
index eeb22f011ad591a73cf6e1dfe2ca9d320391bdaa..d7fb301d5e514acfb0ff31626a026d87ee2e7313 100644 (file)
--- a/lib/silcske/payload.c
+++ b/lib/silcske/payload.c
@@ -1,16 +1,15 @@
 /*
 
-  payload.c
+  payload.c 
 
   Author: Pekka Riikonen <priikone@silcnet.org>
 
-  Copyright (C) 2000 - 2001 Pekka Riikonen
+  Copyright (C) 2000 - 2002 Pekka Riikonen
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
-  the Free Software Foundation; either version 2 of the License, or
-  (at your option) any later version.
-  
+  the Free Software Foundation; version 2 of the License.
+
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
@@ -36,10 +35,9 @@ SilcSKEStatus silc_ske_payload_start_encode(SilcSKE ske,
   if (!payload)
     return SILC_SKE_STATUS_ERROR;
 
-  buf = silc_buffer_alloc(payload->len);
+  buf = silc_buffer_alloc_size(payload->len);
   if (!buf)
     return SILC_SKE_STATUS_OUT_OF_MEMORY;
-  silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
 
   /* Encode the payload */
   ret = silc_buffer_format(buf,
@@ -135,7 +133,6 @@ silc_ske_payload_start_decode(SilcSKE ske,
   }
 
   if (tmp != 0) {
-    SILC_LOG_DEBUG(("Bad reserved field"));
     SILC_LOG_ERROR(("Bad RESERVED field in KE Start Payload"));
     status = SILC_SKE_STATUS_BAD_RESERVED_FIELD;
     goto err;
@@ -147,6 +144,16 @@ silc_ske_payload_start_decode(SilcSKE ske,
     goto err;
   }
 
+  /* Check for mandatory fields */
+  if (!payload->cookie || !payload->version_len ||
+      !payload->ke_grp_len || !payload->pkcs_alg_len ||
+      !payload->enc_alg_len || !payload->hash_alg_len ||
+      !payload->hmac_alg_len) {
+    SILC_LOG_ERROR(("KE Start Payload is missing mandatory fields"));
+    status = SILC_SKE_STATUS_BAD_PAYLOAD;
+    goto err;
+  }
+
   /* Return the payload */
   *return_payload = payload;
 
@@ -205,11 +212,10 @@ SilcSKEStatus silc_ske_payload_ke_encode(SilcSKE ske,
 
   /* Allocate channel payload buffer. The length of the buffer
      is 4 + public key + 2 + x + 2 + signature. */
-  buf = silc_buffer_alloc(4 + payload->pk_len + 2 + x_len + 
-                         2 + payload->sign_len);
+  buf = silc_buffer_alloc_size(4 + payload->pk_len + 2 + x_len + 
+                              2 + payload->sign_len);
   if (!buf)
     return SILC_SKE_STATUS_OUT_OF_MEMORY;
-  silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
 
   /* Encode the payload */
   ret = silc_buffer_format(buf, 
@@ -276,9 +282,9 @@ SilcSKEStatus silc_ske_payload_ke_decode(SilcSKE ske,
     goto err;
   }
 
-  if (ske->start_payload && 
-      (payload->pk_type < SILC_SKE_PK_TYPE_SILC || 
-       payload->pk_type > SILC_SKE_PK_TYPE_SPKI)) {
+  if (ske->start_payload &&
+      ((payload->pk_type < SILC_SKE_PK_TYPE_SILC || 
+       payload->pk_type > SILC_SKE_PK_TYPE_SPKI) || !payload->pk_len)) {
     SILC_LOG_ERROR(("Malformed public key in KE payload"));
     status = SILC_SKE_STATUS_BAD_PAYLOAD;
     goto err;
@@ -304,8 +310,8 @@ SilcSKEStatus silc_ske_payload_ke_decode(SilcSKE ske,
   tot_len += x_len + 2;
   tot_len += payload->sign_len + 2;
 
-  if (x_len < 3) {
-    SILC_LOG_ERROR(("Too short signature in KE Payload"));
+  if (x_len < 16) {
+    SILC_LOG_ERROR(("Too short DH value in KE Payload"));
     status = SILC_SKE_STATUS_BAD_PAYLOAD;
     goto err;
   }