+Sat Mar 16 22:39:23 EET 2002 Pekka Riikonen <priikone@silcnet.org>
+
+ * Check for unauthenticated client and server in the
+ silc_server_new_client and silc_server_new_server functions.
+ Affected file silcd/packet_receive.c.
+
+ * Added function silc_string_is_ascii to check whether given
+ string is 7-bit ASCII string. Affected files are
+ lib/silcutil/silcutil.[ch].
+
+ * Added function silc_id_is_valid_server_id into the
+ silcd/serverid.c and added checking for valid Server ID's in
+ silc_server_new_server. The Server ID must always be based
+ on the server's public IP address.
+
+ * Added logging of DISCONNECT packet message in the server.
+ Affected file silcd/server.c.
+
Sat Mar 16 18:04:30 EET 2002 Pekka Riikonen <priikone@silcnet.org>
* Changed all library interfaces that use Global RNG to also
13. Add the killer's client ID to the KILLED notify. To be included in
protocol version 1.1.
+
+ 14. The length of Arguments Num field in Notify Payload and Command
+ Payload enforces that total of 256 arguments can be associated
+ to a such payload. However, command-xx draft specified much higher
+ values, and these should be fixed.
/* Remove the old cache entry. */
if (!silc_idcache_del_by_context(server->local_list->clients, client)) {
- SILC_LOG_ERROR(("Lost client's cache entry - report a bug"));
+ SILC_LOG_INFO(("Unauthenticated client attempted to register to network"));
silc_server_disconnect_remote(server, sock, "Server closed connection: "
- "Unknown client");
+ "You have not been authenticated");
return NULL;
}
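Review bot: The new "Unauthenticated client attempted to register to network" log entry carries no peer address, so it cannot be tied to a connection or used to spot repeated attempts from one host. The invalid Server ID message added later in this commit already logs `sock->ip` and `sock->hostname`; the same here, e.g. `SILC_LOG_INFO(("Unauthenticated client %s (%s) attempted to register to network", sock->ip, sock->hostname));`, would make the entry usable for detection. The same applies to the "Unauthenticated %s attempted to register to network" message in the server registration hunk that follows. The enclosing function starts and ends outside the hunk.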
/* Remove the old cache entry */
if (!silc_idcache_del_by_context(server->local_list->servers, new_server)) {
- silc_idcache_del_by_context(server->global_list->servers, new_server);
+ if (!silc_idcache_del_by_context(server->global_list->servers,
+ new_server)) {
+ SILC_LOG_INFO(("Unauthenticated %s attempted to register to "
+ "network", (sock->type == SILC_SOCKET_TYPE_SERVER ?
+ "server" : "router")));
+ silc_server_disconnect_remote(server, sock, "Server closed connection: "
+ "You have not been authenticated");
+ return NULL;
+ }
local = FALSE;
}
}
silc_free(id_string);
+ /* Check for valid server ID */
+ if (!silc_id_is_valid_server_id(server, server_id, sock)) {
+ SILC_LOG_INFO(("Invalid server ID sent by %s (%s)",
+ sock->ip, sock->hostname));
+ silc_server_disconnect_remote(server, sock, "Server closed connection: "
+ "Your Server ID is not valid");
+ silc_free(server_name);
+ return NULL;
+ }
+
/* Check that we do not have this ID already */
server_entry = silc_idlist_find_server_by_id(server->local_list,
server_id, TRUE, NULL);
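Review bot: The rejection path added after `silc_free(id_string)` releases `server_name` but not `server_id` before `return NULL`. The code that produces `server_id` is outside the hunk, so this is inferred, but if it is heap-allocated there, every connection that presents an invalid Server ID leaks it, and a remote peer can repeat that at will. Adding `silc_free(server_id);` next to `silc_free(server_name);` would close the leak.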
SILC_LOG_DEBUG(("Disconnect packet"));
if (packet->flags & SILC_PACKET_FLAG_LIST)
break;
+ if (silc_string_is_ascii(packet->buffer->data, packet->buffer->len)) {
+ /* Duplicate to null terminate the string. */
+ char *message = silc_memdup(packet->buffer->data, packet->buffer->len);
+ SILC_LOG_ERROR(("%s", message));
+ silc_free(message);
+ }
break;
case SILC_PACKET_SUCCESS:
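Review bot: The DISCONNECT text is peer-controlled and is written to the log after only a 7-bit check, which still lets through newline, carriage return, ESC and embedded NUL bytes. A remote peer can therefore forge extra log lines or truncate the message, so the copy should have non-printable bytes neutralised before it reaches SILC_LOG_ERROR. The result of silc_memdup is also passed to "%s" without a NULL check. The sketch below relies on silc_memdup appending a terminator, as the existing comment implies, and needs <ctype.h> if the file does not already include it. The enclosing switch starts and ends outside the hunk.

```c
if (silc_string_is_ascii(packet->buffer->data, packet->buffer->len)) {
  /* Duplicate to null terminate the string. */
  char *message = silc_memdup(packet->buffer->data, packet->buffer->len);
  SilcUInt32 i;

  if (message) {
    /* Peer-controlled text: replace control bytes before logging. */
    for (i = 0; i < packet->buffer->len; i++)
      if (!isprint((unsigned char)message[i]))
        message[i] = '?';
    SILC_LOG_ERROR(("%s", message));
    silc_free(message);
  }
}
```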
return TRUE;
}
+
+/* Checks whether the `server_id' is valid. It must be based to the
+ IP address provided in the `remote' socket connection. */
+
+bool silc_id_is_valid_server_id(SilcServer server,
+ SilcServerID *server_id,
+ SilcSocketConnection remote)
+{
+ unsigned char ip[16];
+
+ if (!silc_net_addr2bin(remote->ip, ip, sizeof(ip)))
+ return FALSE;
+
+ if (silc_net_is_ip4(remote->ip)) {
+ if (!memcmp(server_id->ip.data, ip, 4))
+ return TRUE;
+ } else {
+ if (!memcmp(server_id->ip.data, ip, 16))
+ return TRUE;
+ }
+
+ return FALSE;
+}
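Review bot: silc_id_is_valid_server_id chooses the comparison length from the socket's address family alone and never checks which family the Server ID itself claims. An ID marked as carrying a 16-byte address would pass for an IPv4 peer as long as its first four bytes match. If the ID's `ip` member records its own length (a `data_len` field, not visible here and to be confirmed), comparing it against 4 or 16 before the memcmp would close this. `ip` is also left uninitialized and `server` is unused; `unsigned char ip[16] = { 0 };` and a comment saying `server` is currently unused would make both explicit.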
bool silc_id_create_channel_id(SilcServer server,
SilcServerID *router_id, SilcRng rng,
SilcChannelID **new_id);
+bool silc_id_is_valid_server_id(SilcServer server,
+ SilcServerID *server_id,
+ SilcSocketConnection remote);
#endif
(*new_hash)->hash = entry;
(*new_hash)->context = silc_calloc(1, entry->context_len());
(*new_hash)->make_hash = silc_hash_make;
+ return TRUE;
}
return FALSE;
return strdup(fingerprint);
}
+
+/* Return TRUE if the `data' is ASCII string. */
+
+bool silc_string_is_ascii(const unsigned char *data, SilcUInt32 data_len)
+{
+ int i;
+
+ for (i = 0; i < data_len; i++) {
+ if (!isascii(data[i]))
+ return FALSE;
+ }
+
+ return TRUE;
+}
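Review bot: The loop index in silc_string_is_ascii is `int i` while `data_len` is `SilcUInt32`, so the comparison mixes signed and unsigned and a length above INT_MAX would overflow `i`; declaring `SilcUInt32 i;` avoids both. The comment should also say that every 7-bit value passes, including NUL and control characters such as newline and ESC, so a TRUE result does not mean the data is printable or safe to log. I would reword it to `/* Return TRUE if every byte of `data' is 7-bit ASCII (0x00-0x7f); control characters and NUL are accepted. */`.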
char *silc_client_chumode_char(SilcUInt32 mode);
int silc_gettimeofday(struct timeval *p);
char *silc_fingerprint(const unsigned char *data, SilcUInt32 data_len);
+bool silc_string_is_ascii(const unsigned char *data, SilcUInt32 data_len);
#endif