+Sun Apr 14 19:49:02 CEST 2002 Johnny Mnemonic <johnny@themnemonic.org>
+
+ * Fixed a bug in library where sending a bogus authentication
+ payload would lead to a crash. Affected file is
+ lib/silccore/silcauth.c.
+
Sat Apr 13 13:09:24 EEST 2002 Pekka Riikonen <priikone@silcnet.org>
* Added detach_disabled and detach_timeout server config
Fri Apr 12 20:09:08 EEST 2002 Pekka Riikonen <priikone@silcnet.org>
- Added resolve_cmd_ident field to the SilcClientEntry structure
+ * Added resolve_cmd_ident field to the SilcClientEntry structure
too so that if the entry is for example being resolved so
another command may attach to the same pending command reply
without requiring to resolve the same entry again. Added
return NULL;
}
- /* Authentication data must be provided */
- if (newp->auth_len < 1) {
- silc_auth_payload_free(newp);
- return NULL;
- }
-
/* If password authentication, random data must not be set */
if (newp->auth_method == SILC_AUTH_PASSWORD && newp->random_len) {
silc_auth_payload_free(newp);
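Review bot: With the `auth_len < 1` rejection removed from the parser, a payload whose authentication data field is empty is now handed back to callers as valid, so every consumer has to handle `auth_len == 0` on its own. The verification hunk further down guards only the `SILC_AUTH_PASSWORD` branch; whether the other authentication methods tolerate an empty field cannot be seen from this page. If an empty field is legal only for some methods, I would keep the parse-time rejection for the methods that require data, e.g. `if (newp->auth_method == SILC_AUTH_PASSWORD && newp->auth_len < 1) { silc_auth_payload_free(newp); return NULL; }`, so malformed input fails closed in one place. The enclosing parse function starts and ends outside this hunk.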
{
SILC_LOG_DEBUG(("Verifying authentication"));
- if (!payload || auth_method != payload->auth_method)
+ if (auth_method != payload->auth_method)
return FALSE;
switch (payload->auth_method) {
case SILC_AUTH_PASSWORD:
/* Passphrase based authentication. The `pkcs', `hash', `id' and `type'
arguments are not needed. */
-
- /* Sanity checks */
- if ((payload->auth_len == 0) || !auth_data ||
- payload->auth_len != auth_data_len)
+ /* Carefully check that the auth_data field of the payload is not empty
+ (len=0), which seems to be a legal packet but would crash the
+ application. Maybe such packet should be dropped. -Johnny 2002/14/4 */
+ if ((payload->auth_len == 0) || !auth_data)
break;
+ /* if lengths mismatch, avoid comparing unallocated memory locations */
+ if (payload->auth_len != auth_data_len)
+ break;
if (!memcmp(payload->auth_data, auth_data, auth_data_len)) {
SILC_LOG_DEBUG(("Passphrase Authentication successful"));
return TRUE;
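Review bot: The new condition `if (auth_method != payload->auth_method)` dereferences `payload` without the NULL test the old line carried, so a caller that passes on the NULL result of a failed parse would crash here; I would keep `if (!payload || auth_method != payload->auth_method)`. In the password branch, `memcmp(payload->auth_data, auth_data, auth_data_len)` stops at the first differing byte, so the time taken depends on how much of the passphrase matches; a constant-time comparison is preferable for secrets, though whether the library provides one is not visible here. The added comment says such a packet "maybe should be dropped" without settling it, so I would record the decision there, for example `/* Empty auth data is treated as failed authentication, not as a protocol error */`. The function body continues outside the hunk.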