fixed crash when bogus payload (auth_data == NULL) was received.

	also don't extend the memcmp to memory locations not really allocated.

diff --git a/CHANGES b/CHANGES
index baec17fa376157a42822b03842bdd5eff383b7c3..844cc1d5a2231a59ea88b8d5891beeaec87dc898 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+Sun Apr 14 20:41:28 CEST 2002  Johnny Mnemonic <johnny@themnemonic.org>
+
+       * Fixed a bug in library where sending a bogus authentication
+         payload would lead to a crash.  Affected file is
+         lib/silccore/silcauth.c.
+
 Mon Apr  8 19:57:40 CEST 2002  Johnny Mnemonic <johnny@themnemonic.org>
 
        * Added config parse status SILC_CONFIG_EPRINTLINE, this status

diff --git a/lib/silccore/silcauth.c b/lib/silccore/silcauth.c
index 6e73a9f468bff84c7d84f0ee993e1bc32c613d22..73da54044d3124dc564c82252ad24bad4a05bc06 100644 (file)
--- a/lib/silccore/silcauth.c
+++ b/lib/silccore/silcauth.c
@@ -369,8 +369,17 @@ bool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
   case SILC_AUTH_PASSWORD:
     /* Passphrase based authentication. The `pkcs', `hash', `id' and `type'
        arguments are not needed. */
+    /* Carefully check that the auth_data field of the payload is not empty
+       (len=0), which seems to be a legal packet but would crash the
+       application. Maybe such packet should be dropped. -Johnny 2002/14/4 */
+    if ((payload->auth_len == 0) || !auth_data)
+      break;
+
+    /* if lengths mismatch, avoid comparing unallocated memory locations */
+    if (payload->auth_len != auth_data_len)
+      break;
     if (!memcmp(payload->auth_data, auth_data, auth_data_len)) {
-      SILC_LOG_DEBUG(("Authentication successful"));
+      SILC_LOG_DEBUG(("Passphrase Authentication successful"));
       return TRUE;
     }
     break;