+Thu Dec 20 16:14:52 CET 2001 Pekka Riikonen <priikone@silcnet.org>
+
+ * The silc_packet_receive_process now returns FALSE if the
+ read data was invalid packet, and TRUE if it was ok.
+
+ The server now checks that if unauthenticated connection
+ sends data and its processing fails the server will close
+ the connection since it could be a malicious flooder.
+
+ Affected files lib/silccore/silcpacket.[ch], silcd/server.c.
+
Wed Dec 19 21:31:25 EET 2001 Pekka Riikonen <priikone@silcnet.org>
* Make sure the warning about error opening a log file is
/* Process the packet. This will call the parser that will then
decrypt and parse the packet. */
- silc_packet_receive_process(sock, server->server_type == SILC_ROUTER ?
- TRUE : FALSE, cipher, hmac, sequence,
- silc_server_packet_parse, server);
+ ret = silc_packet_receive_process(sock, server->server_type == SILC_ROUTER ?
+ TRUE : FALSE, cipher, hmac, sequence,
+ silc_server_packet_parse, server);
+
+ /* If this socket connection is not authenticated yet and the packet
+ processing failed we will drop the connection since it can be
+ a malicious flooder. */
+ if (sock->type == SILC_SOCKET_TYPE_UNKNOWN && ret == FALSE &&
+ (!sock->protocol || sock->protocol->protocol->type ==
+ SILC_PROTOCOL_SERVER_KEY_EXCHANGE)) {
+ SILC_LOG_DEBUG(("Bad data sent from unknown connection %d", sock->sock));
+ SILC_SET_DISCONNECTING(sock);
+
+ if (sock->user_data)
+ silc_server_free_sock_user_data(server, sock);
+ silc_server_close_connection(server, sock);
+ }
}
/* Parses whole packet, received earlier. */
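Review bot: The drop of an unauthenticated peer after `ret == FALSE` is recorded only through `SILC_LOG_DEBUG`, so a build without debug logging leaves no trace that the server closed a connection it suspected of flooding. A warning-level line, for example `SILC_LOG_WARNING(("Bad data from unauthenticated connection %d, closing", sock->sock));`, would give operators something to alert or rate-limit on. The condition also reads `sock->protocol->protocol->type` after checking only `sock->protocol`, and it dereferences `sock` after the parser callback has run. Both are safe only if the inner pointer is always set and the parser never releases the socket, which this hunk does not show. The enclosing function and the declaration of `ret` start outside the hunk.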
SilcPacketParserContext will indicate also whether the received
packet was normal or special packet. */
-void silc_packet_receive_process(SilcSocketConnection sock,
+bool silc_packet_receive_process(SilcSocketConnection sock,
bool local_is_router,
SilcCipher cipher, SilcHmac hmac,
uint32 sequence,
/* Do not process for disconnected connection */
if (SILC_IS_DISCONNECTED(sock))
- return;
-
+ return TRUE;
+
if (sock->inbuf->len < SILC_PACKET_MIN_HEADER_LEN)
- return;
+ return TRUE;
if (hmac)
mac_len = silc_hmac_len(hmac);
if (sock->inbuf->len < SILC_PACKET_MIN_HEADER_LEN) {
SILC_LOG_DEBUG(("Partial packet in queue, waiting for the rest"));
- return;
+ return TRUE;
}
/* Decrypt first 16 bytes of the packet */
if (packetlen < SILC_PACKET_MIN_LEN) {
SILC_LOG_DEBUG(("Received invalid packet, dropped"));
silc_buffer_clear(sock->inbuf);
- return;
+ return FALSE;
}
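Review bot: Among the exits visible in these hunks only this length check returns FALSE; the disconnected, short-buffer and partial-packet exits and the final `return TRUE` after the loop all report success. If the MAC-check and parse failures inside the loop (not shown here) also fall through to TRUE, the new disconnect in silcd/server.c would fire only for an undersized length field, so it is worth confirming that those paths return FALSE as well. The comment above the definition and the SYNOPSIS block in silcpacket.h change the type but do not say what the value means. A line such as `Returns FALSE if the buffered data was an invalid packet, TRUE otherwise (including partial data and disconnected sockets).` would pin the contract. The function body starts and ends outside this hunk.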
if (sock->inbuf->len < paddedlen + mac_len) {
SILC_LOG_DEBUG(("Received partial packet, waiting for the rest"
"(%d < %d)", sock->inbuf->len, paddedlen + mac_len));
SILC_SET_INBUF_PENDING(sock);
- return;
+ return TRUE;
}
SILC_UNSET_INBUF_PENDING(sock);
}
if (cont == FALSE && sock->inbuf->len > 0)
- return;
+ return TRUE;
SILC_LOG_DEBUG(("Clearing inbound buffer"));
silc_buffer_clear(sock->inbuf);
+ return TRUE;
}
/* Checks MAC in the packet. Returns TRUE if MAC is Ok. This is called
*
* SYNOPSIS
*
- * void silc_packet_receive_process(SilcSocketConnection sock,
+ * bool silc_packet_receive_process(SilcSocketConnection sock,
* bool local_is_router,
* SilcCipher cipher, SilcHmac hmac,
* SilcPacketParserCallback parser,
* packet was normal or special packet.
*
***/
-void silc_packet_receive_process(SilcSocketConnection sock,
+bool silc_packet_receive_process(SilcSocketConnection sock,
bool local_is_router,
SilcCipher cipher, SilcHmac hmac,
uint32 sequence,
# Get all headers in the source directory
headers=`find $SRC -name "silc*.h"`
+#
+# ASCII documentation
+#
+if [ "$TYPE" = "ASCII" ]; then
+
+fi
+
#
# HTML documentation
#
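Review bot: The added `if [ "$TYPE" = "ASCII" ]; then` ... `fi` block has an empty body, which POSIX shells reject with a syntax error at `fi`. The script would therefore abort when the shell reaches this block, before the HTML branch below it runs, whatever the value of `$TYPE`. Until the ASCII branch is implemented, put a no-op in the body: `: # TODO: ASCII documentation`.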
do
n=`grep $k $i |cut -d= -f2 |cut -d: -f2`
echo "<LI><A HREF="$k">$n</A>" >>$DST/$fname.links
- echo " > <A HREF="$k">$n</A><BR>" >>$DST/index.tmpl
+ echo " <A HREF="$k">$n</A><BR>" >>$DST/index.tmpl
done
done
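Review bot: The inner double quotes in the new `echo " <A HREF="$k">$n</A><BR>"` line end the shell string instead of appearing in the output, so the template gets an unquoted HREF and `$k` is expanded outside quotes. Escaping them keeps the attribute quoted and the expansion intact: `echo " <A HREF=\"$k\">$n</A><BR>" >>"$DST/index.tmpl"`. The `.links` line just above has the same pattern, and `$n` is taken from header text and written into the HTML without escaping. The enclosing loops begin outside the hunk.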