From: Pekka Riikonen Date: Sun, 11 Feb 2001 14:09:34 +0000 (+0000) Subject: Code auditing weekend results and fixes committing. X-Git-Tag: SILC.0.1~258 X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=48d89bc2868ec49c2ab9aa74efe9ac703eee8f29 Code auditing weekend results and fixes committing. --- diff --git a/CHANGES b/CHANGES index d2b087de..c61205c7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,47 @@ +Sat Feb 10 21:13:45 EET 2001 Pekka Riikonen + + * A big code auditing weekend happening. Auditing code for + obvious mistakes, bugs and errors. Also, removing any code + that is obsolete. + + Removed files for being obsolete: + + o lib/silcutil/silcbuffer.c (the buffer interface is entirely in + inline in the file lib/silcutil/silcbuffer.h) + + o lib/silcutil/silcbufutil.c (the header has inline versions) + + Changed code to fix possible error conditions: + + o The buffer formatting routines now check that the destination + buffer really has enough space to add the data. This applies for + both buffer formatting and unformatting + (lib/silcutil/silcbuffmt.[ch]). Also, the entire buffer + unformatting was changed to accomodate following rules: + XXX_*STRING_ALLOC will allocate space for the data into the pointer + sent to the function while XXX_*STRING will not allocate or copy + the data into the buffer. Instead it sets the pointer from the + buffer into the pointer sent as argument (XXX_*STRING used to + require that the pointer must be allocated already). This change + makes this whole thing a bit more consistent and more optimized + (note that the data returned in the unformatting with XXX_*STRING + must not be freed now). The routines return now -1 on error. + + o Tried to find all code that use buffer_format and buffer_unformat + and added return value checking to prevent formatting and + especially unformatting errors and possible subsequent fatal + errors. + + o Changed ske->x and ske->KEY to mallocated pointers in + lib/silcske/silcske.h. Fixed possible data and memory leak. + + o Added return value checking to all *_parse* functions. Fixed + many memory leaks as well. + + o Added length argument to silc_id_str2id in lib/silccore/id.[ch] + so that buffer overflows would not happen. All code now also + checks the return value as it can fail. + Mon Feb 5 20:08:30 EET 2001 Pekka Riikonen * Added reconnection support to server if the normal server looses diff --git a/apps/silcd/command.c b/apps/silcd/command.c index 44ef1f94..3241d595 100644 --- a/apps/silcd/command.c +++ b/apps/silcd/command.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -351,6 +351,10 @@ silc_server_command_whois_parse(SilcServerCommandContext cmd, *client_id = silc_calloc(1, sizeof(**client_id)); (*client_id)[0] = silc_id_payload_parse_id(tmp, len); + if ((*client_id)[0] == NULL) { + silc_free(*client_id); + return FALSE; + } *client_id_count = 1; /* Take all ID's from the command packet */ @@ -360,8 +364,15 @@ silc_server_command_whois_parse(SilcServerCommandContext cmd, if (tmp) { *client_id = silc_realloc(*client_id, sizeof(**client_id) * (*client_id_count + 1)); - (*client_id)[k++] = silc_id_payload_parse_id(tmp, len); + (*client_id)[k] = silc_id_payload_parse_id(tmp, len); + if ((*client_id)[k] == NULL) { + for (i = 0; i < k; i++) + silc_free((*client_id)[i]); + silc_free(*client_id); + return FALSE; + } (*client_id_count)++; + k++; } } } @@ -1309,6 +1320,11 @@ SILC_SERVER_CMD_FUNC(topic) goto out; } channel_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!channel_id) { + silc_server_command_send_status_reply(cmd, SILC_COMMAND_TOPIC, + SILC_STATUS_ERR_NO_CHANNEL_ID); + goto out; + } /* Check whether the channel exists */ channel = silc_idlist_find_channel_by_id(server->local_list, @@ -1411,6 +1427,11 @@ SILC_SERVER_CMD_FUNC(invite) goto out; } dest_id = silc_id_payload_parse_id(tmp, len); + if (!dest_id) { + silc_server_command_send_status_reply(cmd, SILC_COMMAND_INVITE, + SILC_STATUS_ERR_NO_CLIENT_ID); + goto out; + } /* Get Channel ID */ tmp = silc_argument_get_arg_type(cmd->args, 2, &len); @@ -1420,6 +1441,11 @@ SILC_SERVER_CMD_FUNC(invite) goto out; } channel_id = silc_id_payload_parse_id(tmp, len); + if (!channel_id) { + silc_server_command_send_status_reply(cmd, SILC_COMMAND_INVITE, + SILC_STATUS_ERR_NO_CHANNEL_ID); + goto out; + } /* Check whether the channel exists */ channel = silc_idlist_find_channel_by_id(server->local_list, @@ -1610,7 +1636,7 @@ SILC_SERVER_CMD_FUNC(ping) SILC_STATUS_ERR_NO_SERVER_ID); goto out; } - id = silc_id_str2id(tmp, SILC_ID_SERVER); + id = silc_id_str2id(tmp, len, SILC_ID_SERVER); if (!id) goto out; @@ -1660,6 +1686,13 @@ void silc_server_command_send_users(SilcServer server, cmd = silc_calloc(1, sizeof(*cmd)); cmd->payload = silc_command_payload_parse(buffer); + if (!cmd->payload) { + silc_free(cmd); + silc_buffer_free(buffer); + silc_buffer_free(idp); + silc_packet_context_free(packet); + return; + } cmd->args = silc_command_get_args(cmd->payload); cmd->server = server; cmd->sock = sock; @@ -1674,16 +1707,16 @@ void silc_server_command_send_users(SilcServer server, silc_server_command_pending(server, SILC_COMMAND_USERS, 0, silc_server_command_users, (void *)cmd); cmd->pending = TRUE; - silc_free(buffer); - silc_free(idp); + silc_buffer_free(buffer); + silc_buffer_free(idp); return; } /* Process USERS command. */ silc_server_command_users((void *)cmd); - silc_free(buffer); - silc_free(idp); + silc_buffer_free(buffer); + silc_buffer_free(idp); silc_packet_context_free(packet); } @@ -1916,8 +1949,11 @@ SILC_SERVER_CMD_FUNC(join) goto out; } client_id = silc_id_payload_parse_id(tmp, tmp_len); - if (!client_id) + if (!client_id) { + silc_server_command_send_status_reply(cmd, SILC_COMMAND_JOIN, + SILC_STATUS_ERR_NOT_ENOUGH_PARAMS); goto out; + } /* Get cipher name */ cipher = silc_argument_get_arg_type(cmd->args, 4, NULL); @@ -2165,6 +2201,11 @@ SILC_SERVER_CMD_FUNC(cmode) goto out; } channel_id = silc_id_payload_parse_id(tmp_id, tmp_len2); + if (!channel_id) { + silc_server_command_send_status_reply(cmd, SILC_COMMAND_CMODE, + SILC_STATUS_ERR_NO_CHANNEL_ID); + goto out; + } /* Get the channel mode mask */ tmp_mask = silc_argument_get_arg_type(cmd->args, 2, &tmp_len); @@ -2519,6 +2560,11 @@ SILC_SERVER_CMD_FUNC(cumode) goto out; } channel_id = silc_id_payload_parse_id(tmp_id, tmp_len); + if (!channel_id) { + silc_server_command_send_status_reply(cmd, SILC_COMMAND_CUMODE, + SILC_STATUS_ERR_NO_CHANNEL_ID); + goto out; + } /* Get channel entry */ channel = silc_idlist_find_channel_by_id(server->local_list, @@ -2569,6 +2615,11 @@ SILC_SERVER_CMD_FUNC(cumode) goto out; } client_id = silc_id_payload_parse_id(tmp_id, tmp_len); + if (!client_id) { + silc_server_command_send_status_reply(cmd, SILC_COMMAND_CUMODE, + SILC_STATUS_ERR_NO_CHANNEL_ID); + goto out; + } /* Get target client's entry */ target_client = silc_idlist_find_client_by_id(server->local_list, @@ -2707,6 +2758,11 @@ SILC_SERVER_CMD_FUNC(leave) goto out; } id = silc_id_payload_parse_id(tmp, len); + if (!id) { + silc_server_command_send_status_reply(cmd, SILC_COMMAND_LEAVE, + SILC_STATUS_ERR_NO_CHANNEL_ID); + goto out; + } /* Get channel entry */ channel = silc_idlist_find_channel_by_id(server->local_list, id, NULL); @@ -2807,6 +2863,11 @@ SILC_SERVER_CMD_FUNC(users) goto out; } id = silc_id_payload_parse_id(channel_id, channel_id_len); + if (!id) { + silc_server_command_send_status_reply(cmd, SILC_COMMAND_USERS, + SILC_STATUS_ERR_NO_CHANNEL_ID); + goto out; + } /* If we are server and we don't know about this channel we will send the command to our router. If we know about the channel then we also diff --git a/apps/silcd/command.h b/apps/silcd/command.h index 5e6858a4..de0b464b 100644 --- a/apps/silcd/command.h +++ b/apps/silcd/command.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/apps/silcd/command_reply.c b/apps/silcd/command_reply.c index 2cbc3f67..b6858d77 100644 --- a/apps/silcd/command_reply.c +++ b/apps/silcd/command_reply.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -142,6 +142,8 @@ silc_server_command_reply_whois_save(SilcServerCommandReplyContext cmd) return FALSE; client_id = silc_id_payload_parse_id(id_data, id_len); + if (!client_id) + return FALSE; /* Check if we have this client cached already. */ @@ -227,25 +229,6 @@ SILC_SERVER_CMD_REPLY_FUNC(whois) if (!silc_server_command_reply_whois_save(cmd)) goto out; - /* XXX */ - - /* Process one identify reply */ - if (status == SILC_STATUS_OK) { - - } - - if (status == SILC_STATUS_LIST_START) { - - } - - if (status == SILC_STATUS_LIST_ITEM) { - - } - - if (status == SILC_STATUS_LIST_END) { - - } - /* Execute any pending commands */ SILC_SERVER_COMMAND_EXEC_PENDING(cmd, SILC_COMMAND_WHOIS); @@ -275,6 +258,8 @@ silc_server_command_reply_identify_save(SilcServerCommandReplyContext cmd) return FALSE; client_id = silc_id_payload_parse_id(id_data, id_len); + if (!client_id) + return FALSE; /* Check if we have this client cached already. */ @@ -363,24 +348,6 @@ SILC_SERVER_CMD_REPLY_FUNC(identify) if (!silc_server_command_reply_identify_save(cmd)) goto out; - /* XXX */ - - if (status == SILC_STATUS_OK) { - - } - - if (status == SILC_STATUS_LIST_START) { - - } - - if (status == SILC_STATUS_LIST_ITEM) { - - } - - if (status == SILC_STATUS_LIST_END) { - - } - /* Execute any pending commands */ SILC_SERVER_COMMAND_EXEC_PENDING(cmd, SILC_COMMAND_IDENTIFY); @@ -428,6 +395,8 @@ SILC_SERVER_CMD_REPLY_FUNC(join) if (!tmp) goto out; SILC_GET32_MSB(created, tmp); + if (created != 0 && created != 1) + goto out; /* Get channel key */ tmp = silc_argument_get_arg_type(cmd->args, 6, &len); @@ -438,6 +407,8 @@ SILC_SERVER_CMD_REPLY_FUNC(join) silc_buffer_put(keyp, tmp, len); id = silc_id_payload_parse_id(id_string, id_len); + if (!id) + goto out; /* See whether we already have the channel. */ entry = silc_idlist_find_channel_by_id(server->local_list, id, NULL); @@ -505,6 +476,8 @@ SILC_SERVER_CMD_REPLY_FUNC(users) if (!tmp) goto out; channel_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!channel_id) + goto out; /* Get the list count */ tmp = silc_argument_get_arg_type(cmd->args, 3, &tmp_len); @@ -553,6 +526,8 @@ SILC_SERVER_CMD_REPLY_FUNC(users) SILC_GET16_MSB(idp_len, client_id_list->data + 2); idp_len += 4; client_id = silc_id_payload_parse_id(client_id_list->data, idp_len); + if (!client_id) + continue; silc_buffer_pull(client_id_list, idp_len); /* Mode */ @@ -577,6 +552,10 @@ SILC_SERVER_CMD_REPLY_FUNC(users) client = silc_idlist_add_client(server->global_list, NULL, NULL, NULL, client_id, cmd->sock->user_data, NULL); + if (!client) { + silc_free(client_id); + continue; + } } else { /* We have the client already. */ silc_free(client_id); diff --git a/apps/silcd/command_reply.h b/apps/silcd/command_reply.h index 9e0eb531..62a696e8 100644 --- a/apps/silcd/command_reply.h +++ b/apps/silcd/command_reply.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/apps/silcd/idlist.c b/apps/silcd/idlist.c index 47ada7d4..1a56eeab 100644 --- a/apps/silcd/idlist.c +++ b/apps/silcd/idlist.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/apps/silcd/idlist.h b/apps/silcd/idlist.h index 0ab6c3ac..6b865eb9 100644 --- a/apps/silcd/idlist.h +++ b/apps/silcd/idlist.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/apps/silcd/packet_receive.c b/apps/silcd/packet_receive.c index a5c24930..df24e835 100644 --- a/apps/silcd/packet_receive.c +++ b/apps/silcd/packet_receive.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -49,7 +49,7 @@ void silc_server_private_message(SilcServer server, goto err; /* Decode destination Client ID */ - id = silc_id_str2id(packet->dst_id, SILC_ID_CLIENT); + id = silc_id_str2id(packet->dst_id, packet->dst_id_len, SILC_ID_CLIENT); if (!id) { SILC_LOG_ERROR(("Could not decode destination Client ID, dropped")); goto err; @@ -152,7 +152,9 @@ void silc_server_command_reply(SilcServer server, if (packet->dst_id_type == SILC_ID_CLIENT) { /* Destination must be one of ours */ - id = silc_id_str2id(packet->dst_id, SILC_ID_CLIENT); + id = silc_id_str2id(packet->dst_id, packet->dst_id_len, SILC_ID_CLIENT); + if (!id) + return; client = silc_idlist_find_client_by_id(server->local_list, id, NULL); if (!client) { SILC_LOG_ERROR(("Cannot process command reply to unknown client")); @@ -216,7 +218,9 @@ void silc_server_channel_message(SilcServer server, } /* Find channel entry */ - id = silc_id_str2id(packet->dst_id, SILC_ID_CHANNEL); + id = silc_id_str2id(packet->dst_id, packet->dst_id_len, SILC_ID_CHANNEL); + if (!id) + goto out; channel = silc_idlist_find_channel_by_id(server->local_list, id, NULL); if (!channel) { channel = silc_idlist_find_channel_by_id(server->global_list, id, NULL); @@ -230,7 +234,10 @@ void silc_server_channel_message(SilcServer server, from router we won't do the check as the message is from client that we don't know about. Also, if the original sender is not client (as it can be server as well) we don't do the check. */ - sender = silc_id_str2id(packet->src_id, packet->src_id_type); + sender = silc_id_str2id(packet->src_id, packet->src_id_len, + packet->src_id_type); + if (!sender) + goto out; if (sock->type != SILC_SOCKET_TYPE_ROUTER && packet->src_id_type == SILC_ID_CLIENT) { silc_list_start(channel->user_list); @@ -291,6 +298,7 @@ void silc_server_replace_id(SilcServer server, SilcIdType old_id_type, new_id_type; unsigned short old_id_len, new_id_len; void *id = NULL, *id2 = NULL; + int ret; if (sock->type == SILC_SOCKET_TYPE_CLIENT || packet->src_id_type == SILC_ID_CLIENT) @@ -298,12 +306,14 @@ void silc_server_replace_id(SilcServer server, SILC_LOG_DEBUG(("Replacing ID")); - silc_buffer_unformat(buffer, - SILC_STR_UI_SHORT(&old_id_type), - SILC_STR_UI16_NSTRING_ALLOC(&old_id, &old_id_len), - SILC_STR_UI_SHORT(&new_id_type), - SILC_STR_UI16_NSTRING_ALLOC(&new_id, &new_id_len), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_SHORT(&old_id_type), + SILC_STR_UI16_NSTRING_ALLOC(&old_id, &old_id_len), + SILC_STR_UI_SHORT(&new_id_type), + SILC_STR_UI16_NSTRING_ALLOC(&new_id, &new_id_len), + SILC_STR_END); + if (ret == -1) + goto out; if (old_id_type != new_id_type) goto out; @@ -312,11 +322,11 @@ void silc_server_replace_id(SilcServer server, new_id_len != silc_id_get_len(new_id_type)) goto out; - id = silc_id_str2id(old_id, old_id_type); + id = silc_id_str2id(old_id, old_id_len, old_id_type); if (!id) goto out; - id2 = silc_id_str2id(new_id, new_id_type); + id2 = silc_id_str2id(new_id, new_id_len, new_id_type); if (!id2) goto out; @@ -412,6 +422,7 @@ SilcClientEntry silc_server_new_client(SilcServer server, SilcBuffer reply; SilcIDListData idata; char *username = NULL, *realname = NULL, *id_string; + int ret; SILC_LOG_DEBUG(("Creating new client")); @@ -430,10 +441,17 @@ SilcClientEntry silc_server_new_client(SilcServer server, } /* Parse incoming packet */ - silc_buffer_unformat(buffer, - SILC_STR_UI16_STRING_ALLOC(&username), - SILC_STR_UI16_STRING_ALLOC(&realname), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI16_STRING_ALLOC(&username), + SILC_STR_UI16_STRING_ALLOC(&realname), + SILC_STR_END); + if (ret == -1) { + if (username) + silc_free(username); + if (realname) + silc_free(realname); + return NULL; + } /* Create Client ID */ silc_id_create_client_id(server->id, server->rng, server->md5hash, @@ -545,6 +563,7 @@ SilcServerEntry silc_server_new_server(SilcServer server, SilcIDListData idata; unsigned char *server_name, *id_string; unsigned short id_len; + int ret; SILC_LOG_DEBUG(("Creating new server")); @@ -564,10 +583,17 @@ SilcServerEntry silc_server_new_server(SilcServer server, } /* Parse the incoming packet */ - silc_buffer_unformat(buffer, - SILC_STR_UI16_NSTRING_ALLOC(&id_string, &id_len), - SILC_STR_UI16_STRING_ALLOC(&server_name), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI16_NSTRING_ALLOC(&id_string, &id_len), + SILC_STR_UI16_STRING_ALLOC(&server_name), + SILC_STR_END); + if (ret == -1) { + if (id_string) + silc_free(id_string); + if (server_name) + silc_free(server_name); + return NULL; + } if (id_len > buffer->len) { silc_free(id_string); @@ -576,7 +602,12 @@ SilcServerEntry silc_server_new_server(SilcServer server, } /* Get Server ID */ - server_id = silc_id_str2id(id_string, SILC_ID_SERVER); + server_id = silc_id_str2id(id_string, id_len, SILC_ID_SERVER); + if (!server_id) { + silc_free(id_string); + silc_free(server_name); + return NULL; + } silc_free(id_string); /* Update client entry */ @@ -751,10 +782,12 @@ void silc_server_remove_channel_user(SilcServer server, { SilcBuffer buffer = packet->buffer; unsigned char *tmp1 = NULL, *tmp2 = NULL; + unsigned int tmp1_len, tmp2_len; SilcClientID *client_id = NULL; SilcChannelID *channel_id = NULL; SilcChannelEntry channel; SilcClientEntry client; + int ret; SILC_LOG_DEBUG(("Removing user from channel")); @@ -762,16 +795,15 @@ void silc_server_remove_channel_user(SilcServer server, server->server_type == SILC_SERVER) return; - silc_buffer_unformat(buffer, - SILC_STR_UI16_STRING_ALLOC(&tmp1), - SILC_STR_UI16_STRING_ALLOC(&tmp2), - SILC_STR_END); - - if (!tmp1 || !tmp2) + ret = silc_buffer_unformat(buffer, + SILC_STR_UI16_NSTRING_ALLOC(&tmp1, &tmp1_len), + SILC_STR_UI16_NSTRING_ALLOC(&tmp2, &tmp2_len), + SILC_STR_END); + if (ret == -1) goto out; - client_id = silc_id_str2id(tmp1, SILC_ID_CLIENT); - channel_id = silc_id_str2id(tmp2, SILC_ID_CHANNEL); + client_id = silc_id_str2id(tmp1, tmp1_len, SILC_ID_CLIENT); + channel_id = silc_id_str2id(tmp2, tmp2_len, SILC_ID_CHANNEL); if (!client_id || !channel_id) goto out; @@ -833,6 +865,7 @@ void silc_server_new_channel(SilcServer server, SilcChannelID *channel_id; unsigned short channel_id_len; char *channel_name; + int ret; SILC_LOG_DEBUG(("Processing New Channel")); @@ -842,17 +875,20 @@ void silc_server_new_channel(SilcServer server, return; /* Parse payload */ - if (!silc_buffer_unformat(packet->buffer, - SILC_STR_UI16_STRING_ALLOC(&channel_name), - SILC_STR_UI16_NSTRING_ALLOC(&id, &channel_id_len), - SILC_STR_END)) + ret = silc_buffer_unformat(packet->buffer, + SILC_STR_UI16_STRING_ALLOC(&channel_name), + SILC_STR_UI16_NSTRING_ALLOC(&id, &channel_id_len), + SILC_STR_END); + if (ret == -1) { + if (channel_name) + silc_free(channel_name); + if (id) + silc_free(id); return; + } - if (!channel_name || !id) - return; - /* Decode the channel ID */ - channel_id = silc_id_str2id(id, SILC_ID_CHANNEL); + channel_id = silc_id_str2id(id, channel_id_len, SILC_ID_CHANNEL); if (!channel_id) return; silc_free(id); @@ -916,7 +952,8 @@ void silc_server_notify(SilcServer server, */ SILC_LOG_DEBUG(("JOIN notify")); - channel_id = silc_id_str2id(packet->dst_id, packet->dst_id_type); + channel_id = silc_id_str2id(packet->dst_id, packet->dst_id_len, + packet->dst_id_type); if (!channel_id) goto out; @@ -935,6 +972,10 @@ void silc_server_notify(SilcServer server, goto out; } client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) { + silc_free(channel_id); + goto out; + } /* Send to channel */ silc_server_packet_send_to_channel(server, NULL, channel, packet->type, @@ -951,9 +992,15 @@ void silc_server_notify(SilcServer server, client = silc_idlist_find_client_by_id(server->global_list, client_id, NULL); - if (!client) + if (!client) { client = silc_idlist_add_client(server->global_list, NULL, NULL, NULL, client_id, sock->user_data, sock); + if (!client) { + silc_free(channel_id); + silc_free(client_id); + goto out; + } + } /* The channel is global now */ channel->global_users = TRUE; @@ -975,7 +1022,8 @@ void silc_server_notify(SilcServer server, */ SILC_LOG_DEBUG(("LEAVE notify")); - channel_id = silc_id_str2id(packet->dst_id, packet->dst_id_type); + channel_id = silc_id_str2id(packet->dst_id, packet->dst_id_len, + packet->dst_id_type); if (!channel_id) goto out; @@ -994,6 +1042,10 @@ void silc_server_notify(SilcServer server, goto out; } client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) { + silc_free(channel_id); + goto out; + } /* Send to channel */ silc_server_packet_send_to_channel(server, NULL, channel, packet->type, @@ -1007,6 +1059,7 @@ void silc_server_notify(SilcServer server, client = silc_idlist_find_client_by_id(server->local_list, client_id, NULL); if (!client) { + silc_free(client_id); silc_free(channel_id); goto out; } @@ -1028,6 +1081,8 @@ void silc_server_notify(SilcServer server, if (!tmp) goto out; client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) + goto out; /* Get client entry */ client = silc_idlist_find_client_by_id(server->global_list, @@ -1063,12 +1118,16 @@ void silc_server_notify(SilcServer server, if (!id) goto out; client_id = silc_id_payload_parse_id(id, tmp_len); + if (!client_id) + goto out; /* Get new client ID */ id2 = silc_argument_get_arg_type(args, 2, &tmp_len); if (!id2) goto out; client_id2 = silc_id_payload_parse_id(id2, tmp_len); + if (!client_id2) + goto out; SILC_LOG_DEBUG(("Old Client ID id(%s)", silc_id_render(client_id, SILC_ID_CLIENT))); @@ -1147,6 +1206,7 @@ void silc_server_new_channel_user(SilcServer server, SilcChannelEntry channel; SilcChannelClientEntry chl; SilcBuffer clidp; + int ret; SILC_LOG_DEBUG(("Start")); @@ -1156,24 +1216,27 @@ void silc_server_new_channel_user(SilcServer server, return; /* Parse payload */ - if (!silc_buffer_unformat(packet->buffer, - SILC_STR_UI16_NSTRING_ALLOC(&tmpid1, - &channel_id_len), - SILC_STR_UI16_NSTRING_ALLOC(&tmpid2, - &client_id_len), - SILC_STR_END)) - return; - - if (!tmpid1 || !tmpid2) + ret = silc_buffer_unformat(packet->buffer, + SILC_STR_UI16_NSTRING_ALLOC(&tmpid1, + &channel_id_len), + SILC_STR_UI16_NSTRING_ALLOC(&tmpid2, + &client_id_len), + SILC_STR_END); + if (ret == -1) { + if (tmpid1) + silc_free(tmpid1); + if (tmpid2) + silc_free(tmpid2); return; + } /* Decode the channel ID */ - channel_id = silc_id_str2id(tmpid1, SILC_ID_CHANNEL); + channel_id = silc_id_str2id(tmpid1, channel_id_len, SILC_ID_CHANNEL); if (!channel_id) goto out; /* Decode the client ID */ - client_id = silc_id_str2id(tmpid2, SILC_ID_CLIENT); + client_id = silc_id_str2id(tmpid2, client_id_len, SILC_ID_CLIENT); if (!client_id) goto out; diff --git a/apps/silcd/packet_receive.h b/apps/silcd/packet_receive.h index 67f56892..4b822a6d 100644 --- a/apps/silcd/packet_receive.h +++ b/apps/silcd/packet_receive.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/apps/silcd/packet_send.c b/apps/silcd/packet_send.c index ec26e5d1..12e68946 100644 --- a/apps/silcd/packet_send.c +++ b/apps/silcd/packet_send.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -197,7 +197,7 @@ void silc_server_packet_broadcast(SilcServer server, /* If the packet is originated from our primary route we are not allowed to send the packet. */ - id = silc_id_str2id(packet->src_id, packet->src_id_type); + id = silc_id_str2id(packet->src_id, packet->src_id_len, packet->src_id_type); if (id && SILC_ID_SERVER_COMPARE(id, server->router->id)) { idata = (SilcIDListData)sock->user_data; diff --git a/apps/silcd/packet_send.h b/apps/silcd/packet_send.h index 2ce52f17..17b4a64d 100644 --- a/apps/silcd/packet_send.h +++ b/apps/silcd/packet_send.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c index 60d8b0a1..991d5a48 100644 --- a/apps/silcd/protocol.c +++ b/apps/silcd/protocol.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -54,13 +54,13 @@ static void silc_server_protocol_ke_send_packet(SilcSKE ske, /* Sets the negotiated key material into use for particular connection. */ -static void silc_server_protocol_ke_set_keys(SilcSKE ske, - SilcSocketConnection sock, - SilcSKEKeyMaterial *keymat, - SilcCipher cipher, - SilcPKCS pkcs, - SilcHash hash, - int is_responder) +static int silc_server_protocol_ke_set_keys(SilcSKE ske, + SilcSocketConnection sock, + SilcSKEKeyMaterial *keymat, + SilcCipher cipher, + SilcPKCS pkcs, + SilcHash hash, + int is_responder) { SilcUnknownEntry conn_data; SilcIDListData idata; @@ -72,8 +72,14 @@ static void silc_server_protocol_ke_set_keys(SilcSKE ske, idata = (SilcIDListData)conn_data; /* Allocate cipher to be used in the communication */ - silc_cipher_alloc(cipher->cipher->name, &idata->send_key); - silc_cipher_alloc(cipher->cipher->name, &idata->receive_key); + if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) { + silc_free(conn_data); + return FALSE; + } + if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) { + silc_free(conn_data); + return FALSE; + } if (is_responder == TRUE) { idata->send_key->cipher->set_key(idata->send_key->context, @@ -108,11 +114,18 @@ static void silc_server_protocol_ke_set_keys(SilcSKE ske, #endif /* Save HMAC key to be used in the communication. */ - silc_hash_alloc(hash->hash->name, &nhash); + if (!silc_hash_alloc(hash->hash->name, &nhash)) { + silc_cipher_free(idata->send_key); + silc_cipher_free(idata->receive_key); + silc_free(conn_data); + return FALSE; + } silc_hmac_alloc(nhash, &idata->hmac); silc_hmac_set_key(idata->hmac, keymat->hmac_key, keymat->hmac_key_len); sock->user_data = (void *)conn_data; + + return TRUE; } /* Check remote host version string */ @@ -344,11 +357,15 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange) silc_ske_process_key_material(ctx->ske, 16, (16 * 8), 16, keymat); /* Take the new keys into use. */ - silc_server_protocol_ke_set_keys(ctx->ske, ctx->sock, keymat, - ctx->ske->prop->cipher, - ctx->ske->prop->pkcs, - ctx->ske->prop->hash, - ctx->responder); + if (!silc_server_protocol_ke_set_keys(ctx->ske, ctx->sock, keymat, + ctx->ske->prop->cipher, + ctx->ske->prop->pkcs, + ctx->ske->prop->hash, + ctx->responder)) { + protocol->state = SILC_PROTOCOL_STATE_ERROR; + protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000); + return; + } /* Unregister the timeout task since the protocol has ended. This was the timeout task to be executed if the protocol is @@ -519,13 +536,18 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth) /* Parse the received authentication data packet. The received payload is Connection Auth Payload. */ - silc_buffer_unformat(ctx->packet->buffer, - SILC_STR_UI_SHORT(&payload_len), - SILC_STR_UI_SHORT(&conn_type), - SILC_STR_END); + ret = silc_buffer_unformat(ctx->packet->buffer, + SILC_STR_UI_SHORT(&payload_len), + SILC_STR_UI_SHORT(&conn_type), + SILC_STR_END); + if (ret == -1) { + SILC_LOG_DEBUG(("Bad payload in authentication packet")); + protocol->state = SILC_PROTOCOL_STATE_ERROR; + protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000); + return; + } if (payload_len != ctx->packet->buffer->len) { - SILC_LOG_ERROR(("Bad payload in authentication packet")); SILC_LOG_DEBUG(("Bad payload in authentication packet")); protocol->state = SILC_PROTOCOL_STATE_ERROR; protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000); @@ -537,7 +559,6 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth) if (conn_type < SILC_SOCKET_TYPE_CLIENT || conn_type > SILC_SOCKET_TYPE_ROUTER) { SILC_LOG_ERROR(("Bad connection type %d", conn_type)); - SILC_LOG_DEBUG(("Bad connection type %d", conn_type)); protocol->state = SILC_PROTOCOL_STATE_ERROR; protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000); return; @@ -546,10 +567,17 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth) if (payload_len > 0) { /* Get authentication data */ silc_buffer_pull(ctx->packet->buffer, 4); - silc_buffer_unformat(ctx->packet->buffer, - SILC_STR_UI_XNSTRING_ALLOC(&auth_data, - payload_len), - SILC_STR_END); + ret = silc_buffer_unformat(ctx->packet->buffer, + SILC_STR_UI_XNSTRING_ALLOC(&auth_data, + payload_len), + SILC_STR_END); + if (ret == -1) { + SILC_LOG_DEBUG(("Bad payload in authentication packet")); + protocol->state = SILC_PROTOCOL_STATE_ERROR; + protocol->execute(server->timeout_queue, 0, + protocol, fd, 0, 300000); + return; + } } else { auth_data = NULL; } diff --git a/apps/silcd/protocol.h b/apps/silcd/protocol.h index a4ea9b36..d6f54663 100644 --- a/apps/silcd/protocol.h +++ b/apps/silcd/protocol.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/apps/silcd/server.c b/apps/silcd/server.c index e102e883..26b214fd 100644 --- a/apps/silcd/server.c +++ b/apps/silcd/server.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1098,6 +1098,9 @@ SILC_TASK_CALLBACK(silc_server_packet_process) it later. */ if (ret == -2) return; + + if (ret == -1) + return; /* The packet has been sent and now it is time to set the connection back to only for input. When there is again some outgoing data @@ -1209,7 +1212,10 @@ SILC_TASK_CALLBACK(silc_server_packet_parse_real) SILC_ID_SERVER_COMPARE(packet->dst_id, server->id_string)) { /* Route the packet to fastest route for the destination ID */ - void *id = silc_id_str2id(packet->dst_id, packet->dst_id_type); + void *id = silc_id_str2id(packet->dst_id, packet->dst_id_len, + packet->dst_id_type); + if (!id) + goto out; silc_server_packet_route(server, silc_server_route_get(server, id, packet->dst_id_type), @@ -1427,7 +1433,10 @@ void silc_server_packet_parse_type(SilcServer server, proto_ctx->packet = silc_packet_context_dup(packet); proto_ctx->dest_id_type = packet->src_id_type; - proto_ctx->dest_id = silc_id_str2id(packet->src_id, packet->src_id_type); + proto_ctx->dest_id = silc_id_str2id(packet->src_id, packet->src_id_len, + packet->src_id_type); + if (!proto_ctx->dest_id) + break; /* Let the protocol handle the packet */ sock->protocol->execute(server->timeout_queue, 0, @@ -1452,7 +1461,10 @@ void silc_server_packet_parse_type(SilcServer server, proto_ctx->packet = silc_packet_context_dup(packet); proto_ctx->dest_id_type = packet->src_id_type; - proto_ctx->dest_id = silc_id_str2id(packet->src_id, packet->src_id_type); + proto_ctx->dest_id = silc_id_str2id(packet->src_id, packet->src_id_len, + packet->src_id_type); + if (!proto_ctx->dest_id) + break; /* Let the protocol handle the packet */ sock->protocol->execute(server->timeout_queue, 0, @@ -1689,6 +1701,8 @@ void silc_server_free_sock_user_data(SilcServer server, silc_idlist_del_client(server->local_list, user_data); server->stat.my_clients--; server->stat.clients--; + if (server->server_type == SILC_ROUTER) + server->stat.cell_clients--; break; } case SILC_SOCKET_TYPE_SERVER: @@ -1708,6 +1722,8 @@ void silc_server_free_sock_user_data(SilcServer server, silc_idlist_del_server(server->local_list, user_data); server->stat.my_servers--; server->stat.servers--; + if (server->server_type == SILC_ROUTER) + server->stat.cell_servers--; break; } default: @@ -1925,16 +1941,16 @@ int silc_server_client_on_channel(SilcClientEntry client, SILC_TASK_CALLBACK(silc_server_timeout_remote) { - SilcServerConnection sconn = (SilcServerConnection)context; - SilcSocketConnection sock = sconn->server->sockets[fd]; + SilcServer server = (SilcServer)context; + SilcSocketConnection sock = server->sockets[fd]; if (!sock) return; if (sock->user_data) - silc_server_free_sock_user_data(sconn->server, sock); + silc_server_free_sock_user_data(server, sock); - silc_server_disconnect_remote(sconn->server, sock, + silc_server_disconnect_remote(server, sock, "Server closed connection: " "Connection timeout"); } @@ -2057,7 +2073,7 @@ SilcChannelEntry silc_server_save_channel_key(SilcServer server, /* Get channel ID */ tmp = silc_channel_key_get_id(payload, &tmp_len); - id = silc_id_str2id(tmp, SILC_ID_CHANNEL); + id = silc_id_str2id(tmp, tmp_len, SILC_ID_CHANNEL); if (!id) { channel = NULL; goto out; diff --git a/apps/silcd/server.h b/apps/silcd/server.h index 53018b43..719c2728 100644 --- a/apps/silcd/server.h +++ b/apps/silcd/server.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/apps/silcd/server_internal.h b/apps/silcd/server_internal.h index 37236c34..63ca697a 100644 --- a/apps/silcd/server_internal.h +++ b/apps/silcd/server_internal.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/apps/silcd/serverid.c b/apps/silcd/serverid.c index 89ea6b82..d4061dd4 100644 --- a/apps/silcd/serverid.c +++ b/apps/silcd/serverid.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,17 +17,7 @@ GNU General Public License for more details. */ -/* - * $Id$ - * $Log$ - * Revision 1.2 2001/02/02 13:34:45 priikone - * updates. - * - * Revision 1.1.1.1 2000/06/27 11:36:56 priikone - * Importet from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "serverincludes.h" @@ -42,10 +32,6 @@ void silc_id_create_server_id(int sock, SilcRng rng, SilcServerID **new_id) SILC_LOG_DEBUG(("Creating new Server ID")); *new_id = silc_calloc(1, sizeof(**new_id)); - if (*new_id == NULL) { - SILC_LOG_ERROR(("Could not allocate new Server ID")); - return; - } /* Get IP address */ len = sizeof(server); @@ -76,10 +62,6 @@ void silc_id_create_client_id(SilcServerID *server_id, SilcRng rng, SILC_LOG_DEBUG(("Creating new Client ID")); *new_id = silc_calloc(1, sizeof(**new_id)); - if (*new_id == NULL) { - SILC_LOG_ERROR(("Could not allocate new Client ID")); - return; - } /* Create hash of the nickanem */ silc_hash_make(md5hash, nickname, strlen(nickname), hash); @@ -100,10 +82,6 @@ void silc_id_create_channel_id(SilcServerID *router_id, SilcRng rng, SILC_LOG_DEBUG(("Creating new Channel ID")); *new_id = silc_calloc(1, sizeof(**new_id)); - if (*new_id == NULL) { - SILC_LOG_ERROR(("Could not allocate new Channel ID")); - return; - } /* Create the ID */ (*new_id)->ip.s_addr = router_id->ip.s_addr; diff --git a/apps/silcd/serverid.h b/apps/silcd/serverid.h index 2f5f858f..82942771 100644 --- a/apps/silcd/serverid.h +++ b/apps/silcd/serverid.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/apps/silcd/silcd.c b/apps/silcd/silcd.c index 1abc46dd..3732bb14 100644 --- a/apps/silcd/silcd.c +++ b/apps/silcd/silcd.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,22 +23,7 @@ * This is the main program for the SILC daemon. This parses command * line arguments and creates the server object. */ -/* - * $Id$ - * $Log$ - * Revision 1.3 2000/09/29 07:13:05 priikone - * Added support for notify type sending in notify payload. - * Removed Log headers from the file. - * Enabled debug messages by default for server. - * - * Revision 1.2 2000/07/05 06:14:01 priikone - * Global costemic changes. - * - * Revision 1.1.1.1 2000/06/27 11:36:56 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "serverincludes.h" #include "server_internal.h" diff --git a/apps/silcd/silcd.h b/apps/silcd/silcd.h index 1f33d12c..6ad45cb7 100644 --- a/apps/silcd/silcd.h +++ b/apps/silcd/silcd.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/apps/silcd/testi2.conf b/apps/silcd/testi2.conf index fccab92f..984d93b2 100644 --- a/apps/silcd/testi2.conf +++ b/apps/silcd/testi2.conf @@ -43,6 +43,7 @@ errorlogfile:silcd2.log:10000 212.146.8.246:passwd:priikone:1333:1:1 [RouterConnection] +212.146.8.246:passwd:priikone:1335:1:1:0 [DenyConnection] [RedirectClient] diff --git a/configure.in.pre b/configure.in.pre index 9adc7fc1..f4c35856 100644 --- a/configure.in.pre +++ b/configure.in.pre @@ -3,7 +3,7 @@ # # Author: Pekka Riikonen # -# Copyright (C) 2000 Pekka Riikonen +# Copyright (C) 2000 - 2001 Pekka Riikonen # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/silcclient/client.c b/lib/silcclient/client.c index d63e0910..1cd84f2f 100644 --- a/lib/silcclient/client.c +++ b/lib/silcclient/client.c @@ -781,7 +781,10 @@ void silc_client_packet_parse_type(SilcClient client, proto_ctx->packet = silc_packet_context_dup(packet); proto_ctx->dest_id_type = packet->src_id_type; - proto_ctx->dest_id = silc_id_str2id(packet->src_id, packet->src_id_type); + proto_ctx->dest_id = silc_id_str2id(packet->src_id, packet->src_id_len, + packet->src_id_type); + if (!proto_ctx->dest_id) + break; /* Let the protocol handle the packet */ sock->protocol->execute(client->timeout_queue, 0, @@ -812,7 +815,10 @@ void silc_client_packet_parse_type(SilcClient client, proto_ctx->packet = silc_packet_context_dup(packet); proto_ctx->dest_id_type = packet->src_id_type; - proto_ctx->dest_id = silc_id_str2id(packet->src_id, packet->src_id_type); + proto_ctx->dest_id = silc_id_str2id(packet->src_id, packet->src_id_len, + packet->src_id_type); + if (!proto_ctx->dest_id) + break; /* Let the protocol handle the packet */ sock->protocol->execute(client->timeout_queue, 0, @@ -834,6 +840,8 @@ void silc_client_packet_parse_type(SilcClient client, SilcIDPayload idp; idp = silc_id_payload_parse(buffer); + if (!idp) + break; if (silc_id_payload_get_type(idp) != SILC_ID_CLIENT) break; @@ -1295,6 +1303,9 @@ void silc_client_notify_by_server(SilcClient client, unsigned int tmp_len, mode; payload = silc_notify_payload_parse(buffer); + if (!payload) + goto out; + type = silc_notify_get_type(payload); args = silc_notify_get_args(payload); if (!args) @@ -1319,6 +1330,8 @@ void silc_client_notify_by_server(SilcClient client, goto out; client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) + goto out; /* Find Client entry and if not found query it */ client_entry = silc_idlist_get_client_by_id(client, conn, client_id, TRUE); @@ -1337,6 +1350,8 @@ void silc_client_notify_by_server(SilcClient client, goto out; channel_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!channel_id) + goto out; /* XXX Will ALWAYS fail because currently we don't have way to resolve channel information for channel that we're not joined to. */ @@ -1365,6 +1380,8 @@ void silc_client_notify_by_server(SilcClient client, goto out; client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) + goto out; /* Find Client entry and if not found query it */ client_entry = silc_idlist_get_client_by_id(client, conn, client_id, TRUE); @@ -1378,7 +1395,10 @@ void silc_client_notify_by_server(SilcClient client, } /* Get channel entry */ - channel_id = silc_id_str2id(packet->dst_id, SILC_ID_CHANNEL); + channel_id = silc_id_str2id(packet->dst_id, packet->dst_id_len, + SILC_ID_CHANNEL); + if (!channel_id) + goto out; if (!silc_idcache_find_by_id_one(conn->channel_cache, (void *)channel_id, SILC_ID_CHANNEL, &id_cache)) break; @@ -1411,6 +1431,8 @@ void silc_client_notify_by_server(SilcClient client, goto out; client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) + goto out; /* Find Client entry */ client_entry = @@ -1419,7 +1441,10 @@ void silc_client_notify_by_server(SilcClient client, goto out; /* Get channel entry */ - channel_id = silc_id_str2id(packet->dst_id, SILC_ID_CHANNEL); + channel_id = silc_id_str2id(packet->dst_id, packet->dst_id_len, + SILC_ID_CHANNEL); + if (!channel_id) + goto out; if (!silc_idcache_find_by_id_one(conn->channel_cache, (void *)channel_id, SILC_ID_CHANNEL, &id_cache)) break; @@ -1453,6 +1478,8 @@ void silc_client_notify_by_server(SilcClient client, goto out; client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) + goto out; /* Find Client entry */ client_entry = @@ -1494,6 +1521,8 @@ void silc_client_notify_by_server(SilcClient client, goto out; client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) + goto out; /* Find Client entry */ client_entry = @@ -1507,7 +1536,10 @@ void silc_client_notify_by_server(SilcClient client, goto out; /* Get channel entry */ - channel_id = silc_id_str2id(packet->dst_id, SILC_ID_CHANNEL); + channel_id = silc_id_str2id(packet->dst_id, packet->dst_id_len, + SILC_ID_CHANNEL); + if (!channel_id) + goto out; if (!silc_idcache_find_by_id_one(conn->channel_cache, (void *)channel_id, SILC_ID_CHANNEL, &id_cache)) break; @@ -1534,6 +1566,8 @@ void silc_client_notify_by_server(SilcClient client, goto out; client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) + goto out; /* Ignore my ID */ if (!SILC_ID_CLIENT_COMPARE(client_id, conn->local_id)) @@ -1557,6 +1591,8 @@ void silc_client_notify_by_server(SilcClient client, goto out; client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) + goto out; /* Find old Client entry */ client_entry = @@ -1599,6 +1635,8 @@ void silc_client_notify_by_server(SilcClient client, goto out; client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) + goto out; /* Find Client entry */ client_entry = @@ -1614,7 +1652,10 @@ void silc_client_notify_by_server(SilcClient client, SILC_GET32_MSB(mode, tmp); /* Get channel entry */ - channel_id = silc_id_str2id(packet->dst_id, SILC_ID_CHANNEL); + channel_id = silc_id_str2id(packet->dst_id, packet->dst_id_len, + SILC_ID_CHANNEL); + if (!channel_id) + goto out; if (!silc_idcache_find_by_id_one(conn->channel_cache, (void *)channel_id, SILC_ID_CHANNEL, &id_cache)) break; @@ -1641,6 +1682,8 @@ void silc_client_notify_by_server(SilcClient client, goto out; client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) + goto out; /* Find Client entry */ client_entry = @@ -1662,6 +1705,8 @@ void silc_client_notify_by_server(SilcClient client, silc_free(client_id); client_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!client_id) + goto out; /* Find target Client entry */ client_entry2 = @@ -1670,7 +1715,10 @@ void silc_client_notify_by_server(SilcClient client, goto out; /* Get channel entry */ - channel_id = silc_id_str2id(packet->dst_id, SILC_ID_CHANNEL); + channel_id = silc_id_str2id(packet->dst_id, packet->dst_id_len, + SILC_ID_CHANNEL); + if (!channel_id) + goto out; if (!silc_idcache_find_by_id_one(conn->channel_cache, (void *)channel_id, SILC_ID_CHANNEL, &id_cache)) break; @@ -1810,7 +1858,11 @@ void silc_client_save_channel_key(SilcClientConnection conn, return; } - id = silc_id_str2id(id_string, SILC_ID_CHANNEL); + id = silc_id_str2id(id_string, tmp_len, SILC_ID_CHANNEL); + if (!id) { + silc_channel_key_payload_free(payload); + return; + } /* Find channel. */ if (!channel) { @@ -1883,8 +1935,13 @@ void silc_client_channel_message(SilcClient client, if (packet->dst_id_type != SILC_ID_CHANNEL) goto out; - client_id = silc_id_str2id(packet->src_id, SILC_ID_CLIENT); - id = silc_id_str2id(packet->dst_id, SILC_ID_CHANNEL); + client_id = silc_id_str2id(packet->src_id, packet->src_id_len, + SILC_ID_CLIENT); + if (!client_id) + goto out; + id = silc_id_str2id(packet->dst_id, packet->dst_id_len, SILC_ID_CHANNEL); + if (!id) + goto out; /* Find the channel entry from channels on this connection */ if (!silc_idcache_find_by_id_one(conn->channel_cache, (void *)id, @@ -1941,13 +1998,17 @@ void silc_client_private_message(SilcClient client, SilcBuffer buffer = packet->buffer; unsigned short nick_len; unsigned char *nickname, *message; + int ret; /* Get nickname */ - silc_buffer_unformat(buffer, - SILC_STR_UI16_NSTRING_ALLOC(&nickname, &nick_len), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI16_NSTRING_ALLOC(&nickname, &nick_len), + SILC_STR_END); + if (ret == -1) + return; + silc_buffer_pull(buffer, 2 + nick_len); - + message = silc_calloc(buffer->len + 1, sizeof(char)); memcpy(message, buffer->data, buffer->len); @@ -1964,7 +2025,8 @@ void silc_client_private_message(SilcClient client, if (packet->src_id_type != SILC_ID_CLIENT) goto out; - remote_id = silc_id_str2id(packet->src_id, SILC_ID_CLIENT); + remote_id = silc_id_str2id(packet->src_id, packet->src_id_len, + SILC_ID_CLIENT); if (!remote_id) goto out; diff --git a/lib/silcclient/command.c b/lib/silcclient/command.c index afb04207..97d07482 100644 --- a/lib/silcclient/command.c +++ b/lib/silcclient/command.c @@ -589,7 +589,13 @@ SILC_CLIENT_CMD_FUNC(ping) 0, NULL, NULL, buffer->data, buffer->len, TRUE); silc_buffer_free(buffer); - id = silc_id_str2id(conn->remote_id_data, SILC_ID_SERVER); + id = silc_id_str2id(conn->remote_id_data, conn->remote_id_data_len, + SILC_ID_SERVER); + if (!id) { + SILC_NOT_CONNECTED(cmd->client, cmd->conn); + COMMAND_ERROR; + goto out; + } /* Start counting time */ for (i = 0; i < conn->ping_count; i++) { diff --git a/lib/silcclient/command_reply.c b/lib/silcclient/command_reply.c index 783c74a9..b75c78b9 100644 --- a/lib/silcclient/command_reply.c +++ b/lib/silcclient/command_reply.c @@ -229,6 +229,10 @@ silc_client_command_reply_whois_print(SilcClientCommandReplyContext cmd, } client_id = silc_id_payload_parse_id(id_data, len); + if (!client_id) { + COMMAND_REPLY_ERROR; + return; + } nickname = silc_argument_get_arg_type(cmd->args, 3, &len); if (nickname) { @@ -410,6 +414,8 @@ SILC_CLIENT_CMD_REPLY_FUNC(identify) if (!id_data) goto out; client_id = silc_id_payload_parse_id(id_data, len); + if (!client_id) + goto out; nickname = silc_argument_get_arg_type(cmd->args, 3, NULL); username = silc_argument_get_arg_type(cmd->args, 4, NULL); @@ -495,6 +501,10 @@ SILC_CLIENT_CMD_REPLY_FUNC(nick) /* Take received Client ID */ tmp = silc_argument_get_arg_type(cmd->args, 2, &len); idp = silc_id_payload_parse_data(tmp, len); + if (!idp) { + COMMAND_REPLY_ERROR; + goto out; + } silc_client_receive_new_id(cmd->client, cmd->sock, idp); /* Notify application */ @@ -551,6 +561,8 @@ SILC_CLIENT_CMD_REPLY_FUNC(topic) goto out; channel_id = silc_id_payload_parse_id(tmp, len); + if (!channel_id) + goto out; /* Get the channel name */ if (!silc_idcache_find_by_id_one(conn->channel_cache, (void *)channel_id, @@ -681,7 +693,12 @@ SILC_CLIENT_CMD_REPLY_FUNC(ping) } curtime = time(NULL); - id = silc_id_str2id(cmd->packet->src_id, cmd->packet->src_id_type); + id = silc_id_str2id(cmd->packet->src_id, cmd->packet->src_id_len, + cmd->packet->src_id_type); + if (!id) { + COMMAND_REPLY_ERROR; + goto out; + } for (i = 0; i < conn->ping_count; i++) { if (!SILC_ID_SERVER_COMPARE(conn->ping[i].dest_id, id)) { @@ -767,6 +784,11 @@ SILC_CLIENT_CMD_REPLY_FUNC(join) goto out; } idp = silc_id_payload_parse_data(tmp, len); + if (!idp) { + COMMAND_REPLY_ERROR; + silc_free(channel_name); + goto out; + } /* Get channel mode */ tmp = silc_argument_get_arg_type(cmd->args, 4, NULL); @@ -948,6 +970,10 @@ SILC_CLIENT_CMD_REPLY_FUNC(cumode) goto out; } client_id = silc_id_payload_parse_id(id, len); + if (!client_id) { + COMMAND_REPLY_ERROR; + goto out; + } /* Get client entry */ if (!silc_idcache_find_by_id_one(conn->client_cache, (void *)client_id, @@ -1050,6 +1076,8 @@ SILC_CLIENT_CMD_REPLY_FUNC(users) if (!tmp) goto out; channel_id = silc_id_payload_parse_id(tmp, tmp_len); + if (!channel_id) + goto out; /* Get the list count */ tmp = silc_argument_get_arg_type(cmd->args, 3, &tmp_len); @@ -1103,6 +1131,8 @@ SILC_CLIENT_CMD_REPLY_FUNC(users) SILC_GET16_MSB(idp_len, client_id_list->data + 2); idp_len += 4; client_id = silc_id_payload_parse_id(client_id_list->data, idp_len); + if (!client_id) + continue; /* Mode */ SILC_GET32_MSB(mode, client_mode_list->data); diff --git a/lib/silccore/id.c b/lib/silccore/id.c index ccfa04ca..c531badc 100644 --- a/lib/silccore/id.c +++ b/lib/silccore/id.c @@ -17,17 +17,7 @@ GNU General Public License for more details. */ -/* - * $Id$ - * $Log$ - * Revision 1.2 2000/07/05 06:06:35 priikone - * Global cosmetic change. - * - * Revision 1.1.1.1 2000/06/27 11:36:55 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "silcincludes.h" @@ -72,13 +62,18 @@ unsigned char *silc_id_id2str(void *id, SilcIdType type) /* Converts string to a ID */ -void *silc_id_str2id(unsigned char *id, SilcIdType type) +void *silc_id_str2id(unsigned char *id, unsigned int id_len, SilcIdType type) { switch(type) { case SILC_ID_SERVER: { - SilcServerID *server_id = silc_calloc(1, sizeof(*server_id)); + SilcServerID *server_id; + + if (id_len != SILC_ID_SERVER_LEN) + return NULL; + + server_id = silc_calloc(1, sizeof(*server_id)); SILC_GET32_MSB(server_id->ip.s_addr, id); SILC_GET16_MSB(server_id->port, &id[4]); SILC_GET16_MSB(server_id->rnd, &id[6]); @@ -87,7 +82,12 @@ void *silc_id_str2id(unsigned char *id, SilcIdType type) break; case SILC_ID_CLIENT: { - SilcClientID *client_id = silc_calloc(1, sizeof(*client_id)); + SilcClientID *client_id; + + if (id_len != SILC_ID_CLIENT_LEN) + return NULL; + + client_id = silc_calloc(1, sizeof(*client_id)); SILC_GET32_MSB(client_id->ip.s_addr, id); client_id->rnd = id[4]; memcpy(client_id->hash, &id[5], CLIENTID_HASH_LEN); @@ -96,7 +96,12 @@ void *silc_id_str2id(unsigned char *id, SilcIdType type) break; case SILC_ID_CHANNEL: { - SilcChannelID *channel_id = silc_calloc(1, sizeof(*channel_id)); + SilcChannelID *channel_id; + + if (id_len != SILC_ID_CHANNEL_LEN) + return NULL; + + channel_id = silc_calloc(1, sizeof(*channel_id)); SILC_GET32_MSB(channel_id->ip.s_addr, id); SILC_GET16_MSB(channel_id->port, &id[4]); SILC_GET16_MSB(channel_id->rnd, &id[6]); diff --git a/lib/silccore/id.h b/lib/silccore/id.h index 5da1d7ee..abd89e0d 100644 --- a/lib/silccore/id.h +++ b/lib/silccore/id.h @@ -110,7 +110,7 @@ typedef struct { /* Prototypes */ unsigned char *silc_id_id2str(void *id, SilcIdType type); -void *silc_id_str2id(unsigned char *id, SilcIdType type); +void *silc_id_str2id(unsigned char *id, unsigned int id_len, SilcIdType type); unsigned int silc_id_get_len(SilcIdType type); #endif diff --git a/lib/silccore/silcchannel.c b/lib/silccore/silcchannel.c index 01907084..61929fa8 100644 --- a/lib/silccore/silcchannel.c +++ b/lib/silccore/silcchannel.c @@ -43,6 +43,7 @@ struct SilcChannelPayloadStruct { SilcChannelPayload silc_channel_payload_parse(SilcBuffer buffer) { SilcChannelPayload new; + int ret; SILC_LOG_DEBUG(("Parsing channel payload")); @@ -50,10 +51,13 @@ SilcChannelPayload silc_channel_payload_parse(SilcBuffer buffer) /* Parse the Channel Payload. Ignore padding and IV, we don't need them. */ - silc_buffer_unformat(buffer, - SILC_STR_UI16_NSTRING_ALLOC(&new->data, &new->data_len), - SILC_STR_UI16_NSTRING_ALLOC(NULL, NULL), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI16_NSTRING_ALLOC(&new->data, + &new->data_len), + SILC_STR_UI16_NSTRING_ALLOC(NULL, NULL), + SILC_STR_END); + if (ret == -1) + goto err; if (new->data_len < 1 || new->data_len > buffer->len) { SILC_LOG_ERROR(("Incorrect channel payload in packet, packet dropped")); @@ -97,12 +101,11 @@ SilcBuffer silc_channel_payload_encode(unsigned short data_len, /* Allocate channel payload buffer */ len += pad_len; buffer = silc_buffer_alloc(len + iv_len); + silc_buffer_pull_tail(buffer, SILC_BUFFER_END(buffer)); /* Generate padding */ for (i = 0; i < pad_len; i++) pad[i] = silc_rng_get_byte(rng); - silc_buffer_pull_tail(buffer, SILC_BUFFER_END(buffer)); - /* Encode the Channel Payload */ silc_buffer_format(buffer, SILC_STR_UI_SHORT(data_len), @@ -173,18 +176,22 @@ struct SilcChannelKeyPayloadStruct { SilcChannelKeyPayload silc_channel_key_payload_parse(SilcBuffer buffer) { SilcChannelKeyPayload new; + int ret; SILC_LOG_DEBUG(("Parsing channel key payload")); new = silc_calloc(1, sizeof(*new)); /* Parse the Channel Key Payload */ - silc_buffer_unformat(buffer, - SILC_STR_UI16_NSTRING_ALLOC(&new->id, &new->id_len), - SILC_STR_UI16_NSTRING_ALLOC(&new->cipher, - &new->cipher_len), - SILC_STR_UI16_NSTRING_ALLOC(&new->key, &new->key_len), - SILC_STR_END); + ret = + silc_buffer_unformat(buffer, + SILC_STR_UI16_NSTRING_ALLOC(&new->id, &new->id_len), + SILC_STR_UI16_NSTRING_ALLOC(&new->cipher, + &new->cipher_len), + SILC_STR_UI16_NSTRING_ALLOC(&new->key, &new->key_len), + SILC_STR_END); + if (ret == -1) + goto err; if (new->id_len < 1 || new->key_len < 1 || new->cipher_len < 1) { SILC_LOG_ERROR(("Incorrect channel key payload in packet")); @@ -219,10 +226,6 @@ SilcBuffer silc_channel_key_payload_encode(unsigned short id_len, SILC_LOG_DEBUG(("Encoding channel key payload")); - /* Sanity checks */ - if (!id_len || !key_len || !id || !key || !cipher_len || !cipher) - return NULL; - /* Allocate channel payload buffer. Length is 2 + id + 2 + key + 2 + cipher */ len = 2 + id_len + 2 + key_len + 2 + cipher_len; diff --git a/lib/silccore/silccommand.c b/lib/silccore/silccommand.c index 18705419..1c16ac6c 100644 --- a/lib/silccore/silccommand.c +++ b/lib/silccore/silccommand.c @@ -46,18 +46,23 @@ SilcCommandPayload silc_command_payload_parse(SilcBuffer buffer) SilcCommandPayload new; unsigned char args_num; unsigned short payload_len; + int ret; SILC_LOG_DEBUG(("Parsing command payload")); new = silc_calloc(1, sizeof(*new)); /* Parse the Command Payload */ - silc_buffer_unformat(buffer, - SILC_STR_UI_SHORT(&payload_len), - SILC_STR_UI_CHAR(&new->cmd), - SILC_STR_UI_CHAR(&args_num), - SILC_STR_UI_SHORT(&new->ident), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_SHORT(&payload_len), + SILC_STR_UI_CHAR(&new->cmd), + SILC_STR_UI_CHAR(&args_num), + SILC_STR_UI_SHORT(&new->ident), + SILC_STR_END); + if (ret == -1) { + silc_free(new); + return NULL; + } if (payload_len != buffer->len) { SILC_LOG_ERROR(("Incorrect command payload in packet, packet dropped")); diff --git a/lib/silccore/silcmode.c b/lib/silccore/silcmode.c index 2f04492e..a937e365 100644 --- a/lib/silccore/silcmode.c +++ b/lib/silccore/silcmode.c @@ -41,17 +41,20 @@ SilcSetModePayload silc_set_mode_payload_parse(SilcBuffer buffer) { SilcSetModePayload new; unsigned short len; + int ret; SILC_LOG_DEBUG(("Parsing Set Mode payload")); new = silc_calloc(1, sizeof(*new)); - silc_buffer_unformat(buffer, - SILC_STR_UI_SHORT(&new->mode_type), - SILC_STR_UI_SHORT(&len), - SILC_STR_UI_INT(&new->mode_mask), - SILC_STR_UI_CHAR(&new->argc), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_SHORT(&new->mode_type), + SILC_STR_UI_SHORT(&len), + SILC_STR_UI_INT(&new->mode_mask), + SILC_STR_UI_CHAR(&new->argc), + SILC_STR_END); + if (ret == -1) + goto err; if (len > buffer->len) goto err; diff --git a/lib/silccore/silcnotify.c b/lib/silccore/silcnotify.c index f786f094..d1e739b1 100644 --- a/lib/silccore/silcnotify.c +++ b/lib/silccore/silcnotify.c @@ -40,16 +40,19 @@ SilcNotifyPayload silc_notify_payload_parse(SilcBuffer buffer) { SilcNotifyPayload new; unsigned short len; + int ret; SILC_LOG_DEBUG(("Parsing Notify payload")); new = silc_calloc(1, sizeof(*new)); - silc_buffer_unformat(buffer, - SILC_STR_UI_SHORT(&new->type), - SILC_STR_UI_SHORT(&len), - SILC_STR_UI_CHAR(&new->argc), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_SHORT(&new->type), + SILC_STR_UI_SHORT(&len), + SILC_STR_UI_CHAR(&new->argc), + SILC_STR_END); + if (ret == -1) + goto err; if (len > buffer->len) goto err; diff --git a/lib/silccore/silcpacket.c b/lib/silccore/silcpacket.c index a6992105..9c5ed475 100644 --- a/lib/silccore/silcpacket.c +++ b/lib/silccore/silcpacket.c @@ -568,10 +568,6 @@ static int silc_packet_decrypt_rest_special(SilcCipher cipher, int silc_packet_decrypt(SilcCipher cipher, SilcHmac hmac, SilcBuffer buffer, SilcPacketContext *packet) { -#if 0 - SILC_LOG_DEBUG(("Decrypting packet, cipher %s, len %d (%d)", - cipher->cipher->name, len, len - 2)); -#endif /* Decrypt start of the packet header */ if (cipher) @@ -597,7 +593,8 @@ int silc_packet_decrypt(SilcCipher cipher, SilcHmac hmac, } else { /* Packet requires special handling, decrypt rest of the header. This only decrypts. */ - silc_packet_decrypt_rest_special(cipher, hmac, buffer); + if (!silc_packet_decrypt_rest_special(cipher, hmac, buffer)) + return -1; /* Check MAC */ if (!silc_packet_check_mac(hmac, buffer)) @@ -616,7 +613,7 @@ int silc_packet_decrypt(SilcCipher cipher, SilcHmac hmac, SilcPacketType silc_packet_parse(SilcPacketContext *ctx) { SilcBuffer buffer = ctx->buffer; - int len; + int len, ret; SILC_LOG_DEBUG(("Parsing incoming packet")); @@ -635,6 +632,8 @@ SilcPacketType silc_packet_parse(SilcPacketContext *ctx) SILC_STR_UI_SHORT(&ctx->dst_id_len), SILC_STR_UI_CHAR(&ctx->src_id_type), SILC_STR_END); + if (len == -1) + return SILC_PACKET_NONE; if (ctx->src_id_len > SILC_PACKET_MAX_ID_LEN || ctx->dst_id_len > SILC_PACKET_MAX_ID_LEN) { @@ -646,14 +645,17 @@ SilcPacketType silc_packet_parse(SilcPacketContext *ctx) ctx->padlen = SILC_PACKET_PADLEN(ctx->truelen); silc_buffer_pull(buffer, len); - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING_ALLOC(&ctx->src_id, - ctx->src_id_len), - SILC_STR_UI_CHAR(&ctx->dst_id_type), - SILC_STR_UI_XNSTRING_ALLOC(&ctx->dst_id, - ctx->dst_id_len), - SILC_STR_UI_XNSTRING(NULL, ctx->padlen), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&ctx->src_id, + ctx->src_id_len), + SILC_STR_UI_CHAR(&ctx->dst_id_type), + SILC_STR_UI_XNSTRING_ALLOC(&ctx->dst_id, + ctx->dst_id_len), + SILC_STR_UI_XNSTRING(NULL, ctx->padlen), + SILC_STR_END); + if (ret == -1) + return SILC_PACKET_NONE; + silc_buffer_push(buffer, len); SILC_LOG_HEXDUMP(("parsed packet, len %d", ctx->buffer->len), @@ -677,7 +679,7 @@ SilcPacketType silc_packet_parse(SilcPacketContext *ctx) SilcPacketType silc_packet_parse_special(SilcPacketContext *ctx) { SilcBuffer buffer = ctx->buffer; - int len, tmplen; + int len, tmplen, ret; SILC_LOG_DEBUG(("Parsing incoming packet")); @@ -696,6 +698,8 @@ SilcPacketType silc_packet_parse_special(SilcPacketContext *ctx) SILC_STR_UI_SHORT(&ctx->dst_id_len), SILC_STR_UI_CHAR(&ctx->src_id_type), SILC_STR_END); + if (len == -1) + return SILC_PACKET_NONE; if (ctx->src_id_len > SILC_PACKET_MAX_ID_LEN || ctx->dst_id_len > SILC_PACKET_MAX_ID_LEN) { @@ -710,14 +714,17 @@ SilcPacketType silc_packet_parse_special(SilcPacketContext *ctx) ctx->padlen = SILC_PACKET_PADLEN(tmplen); silc_buffer_pull(buffer, len); - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING_ALLOC(&ctx->src_id, - ctx->src_id_len), - SILC_STR_UI_CHAR(&ctx->dst_id_type), - SILC_STR_UI_XNSTRING_ALLOC(&ctx->dst_id, - ctx->dst_id_len), - SILC_STR_UI_XNSTRING(NULL, ctx->padlen), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&ctx->src_id, + ctx->src_id_len), + SILC_STR_UI_CHAR(&ctx->dst_id_type), + SILC_STR_UI_XNSTRING_ALLOC(&ctx->dst_id, + ctx->dst_id_len), + SILC_STR_UI_XNSTRING(NULL, ctx->padlen), + SILC_STR_END); + if (ret == -1) + return SILC_PACKET_NONE; + silc_buffer_push(buffer, len); SILC_LOG_HEXDUMP(("parsed packet, len %d", ctx->buffer->len), diff --git a/lib/silccore/silcpayload.c b/lib/silccore/silcpayload.c index 514bc711..c24ce8fe 100644 --- a/lib/silccore/silcpayload.c +++ b/lib/silccore/silcpayload.c @@ -41,24 +41,30 @@ struct SilcIDPayloadStruct { SilcIDPayload silc_id_payload_parse(SilcBuffer buffer) { SilcIDPayload new; + int ret; SILC_LOG_DEBUG(("Parsing ID payload")); new = silc_calloc(1, sizeof(*new)); - silc_buffer_unformat(buffer, - SILC_STR_UI_SHORT(&new->type), - SILC_STR_UI_SHORT(&new->len), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_SHORT(&new->type), + SILC_STR_UI_SHORT(&new->len), + SILC_STR_END); + if (ret == -1) + goto err; silc_buffer_pull(buffer, 4); if (new->len > buffer->len) goto err; - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING_ALLOC(&new->id, new->len), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&new->id, new->len), + SILC_STR_END); + if (ret == -1) + goto err; + silc_buffer_push(buffer, 4); return new; @@ -75,6 +81,7 @@ SilcIDPayload silc_id_payload_parse_data(unsigned char *data, { SilcIDPayload new; SilcBuffer buffer; + int ret; SILC_LOG_DEBUG(("Parsing ID payload")); @@ -84,19 +91,23 @@ SilcIDPayload silc_id_payload_parse_data(unsigned char *data, new = silc_calloc(1, sizeof(*new)); - silc_buffer_unformat(buffer, - SILC_STR_UI_SHORT(&new->type), - SILC_STR_UI_SHORT(&new->len), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_SHORT(&new->type), + SILC_STR_UI_SHORT(&new->len), + SILC_STR_END); + if (ret == -1) + goto err; silc_buffer_pull(buffer, 4); if (new->len > buffer->len) goto err; - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING_ALLOC(&new->id, new->len), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&new->id, new->len), + SILC_STR_END); + if (ret == -1) + goto err; silc_buffer_free(buffer); return new; @@ -115,28 +126,33 @@ void *silc_id_payload_parse_id(unsigned char *data, unsigned int len) SilcIdType type; unsigned short idlen; unsigned char *id; + int ret; buffer = silc_buffer_alloc(len); silc_buffer_pull_tail(buffer, SILC_BUFFER_END(buffer)); silc_buffer_put(buffer, data, len); - silc_buffer_unformat(buffer, - SILC_STR_UI_SHORT(&type), - SILC_STR_UI_SHORT(&idlen), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_SHORT(&type), + SILC_STR_UI_SHORT(&idlen), + SILC_STR_END); + if (ret == -1) + goto err; silc_buffer_pull(buffer, 4); if (idlen > buffer->len) goto err; - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING_ALLOC(&id, idlen), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&id, idlen), + SILC_STR_END); + if (ret == -1) + goto err; silc_buffer_free(buffer); - return silc_id_str2id(id, type); + return silc_id_str2id(id, idlen, type); err: silc_buffer_free(buffer); @@ -188,7 +204,7 @@ SilcIdType silc_id_payload_get_type(SilcIDPayload payload) void *silc_id_payload_get_id(SilcIDPayload payload) { - return silc_id_str2id(payload->id, payload->type); + return silc_id_str2id(payload->id, payload->len, payload->type); } /* Get raw ID data. Data is duplicated. */ @@ -231,7 +247,7 @@ SilcArgumentPayload silc_argument_payload_parse(SilcBuffer buffer, unsigned char arg_num = 0; unsigned char arg_type = 0; unsigned int pull_len = 0; - int i = 0; + int i = 0, ret; SILC_LOG_DEBUG(("Parsing argument payload")); @@ -243,10 +259,12 @@ SilcArgumentPayload silc_argument_payload_parse(SilcBuffer buffer, /* Get arguments */ arg_num = 1; for (i = 0; i < argc; i++) { - silc_buffer_unformat(buffer, - SILC_STR_UI_SHORT(&payload_len), - SILC_STR_UI_CHAR(&arg_type), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_SHORT(&payload_len), + SILC_STR_UI_CHAR(&arg_type), + SILC_STR_END); + if (ret == -1) + goto err; new->argv_lens[i] = payload_len; new->argv_types[i] = arg_type; @@ -256,10 +274,12 @@ SilcArgumentPayload silc_argument_payload_parse(SilcBuffer buffer, /* Get argument data */ silc_buffer_pull(buffer, 3); - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING_ALLOC(&new->argv[i], - payload_len), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&new->argv[i], + payload_len), + SILC_STR_END); + if (ret == -1) + goto err; silc_buffer_pull(buffer, payload_len); pull_len += 3 + payload_len; @@ -362,56 +382,6 @@ SilcBuffer silc_argument_payload_encode_payload(SilcArgumentPayload payload) return buffer; } -#if 0 -/* Encodes Argument payload with variable argument list. The arguments - must be: unsigned int, unsigned char *, unsigned int, ... One - {unsigned int, unsigned char * and unsigned int} forms one argument, - thus `argc' in case when sending one {unsigned int, unsigned char * - and unsigned int} equals one (1) and when sending two of those it - equals two (2), and so on. This has to be preserved or bad things - will happen. The variable arguments is: {type, data, data_len}. */ - -SilcBuffer silc_command_encode_payload_va(unsigned int argc, ...) -{ - va_list ap; - unsigned char **argv; - unsigned int *argv_lens = NULL, *argv_types = NULL; - unsigned char *x; - unsigned int x_len; - unsigned int x_type; - SilcBuffer buffer; - int i; - - va_start(ap, argc); - - argv = silc_calloc(argc, sizeof(unsigned char *)); - argv_lens = silc_calloc(argc, sizeof(unsigned int)); - argv_types = silc_calloc(argc, sizeof(unsigned int)); - - for (i = 0; i < argc; i++) { - x_type = va_arg(ap, unsigned int); - x = va_arg(ap, unsigned char *); - x_len = va_arg(ap, unsigned int); - - argv[i] = silc_calloc(x_len + 1, sizeof(unsigned char)); - memcpy(argv[i], x, x_len); - argv_lens[i] = x_len; - argv_types[i] = x_type; - } - - buffer = silc_argument_payload_encode(argc, argv, - argv_lens, argv_types); - - for (i = 0; i < argc; i++) - silc_free(argv[i]); - silc_free(argv); - silc_free(argv_lens); - silc_free(argv_types); - - return buffer; -} -#endif - /* Free's Command Payload */ void silc_argument_payload_free(SilcArgumentPayload payload) diff --git a/lib/silccore/silcprotocol.c b/lib/silccore/silcprotocol.c index 7c33c1af..89d62443 100644 --- a/lib/silccore/silcprotocol.c +++ b/lib/silccore/silcprotocol.c @@ -20,21 +20,7 @@ /* * Created: Tue Nov 25 19:25:33 GMT+0200 1997 */ -/* - * $Id$ - * $Log$ - * Revision 1.3 2000/07/20 10:17:25 priikone - * Added dynamic protocol registering/unregistering support. The - * patch was provided by cras. - * - * Revision 1.2 2000/07/05 06:06:35 priikone - * Global cosmetic change. - * - * Revision 1.1.1.1 2000/06/27 11:36:55 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "silcincludes.h" #include "silcprotocol.h" diff --git a/lib/silccore/silcsockconn.c b/lib/silccore/silcsockconn.c index 79ea3f84..3262cfc4 100644 --- a/lib/silccore/silcsockconn.c +++ b/lib/silccore/silcsockconn.c @@ -20,6 +20,9 @@ /* * $Id$ * $Log$ + * Revision 1.3 2001/02/11 14:09:34 priikone + * Code auditing weekend results and fixes committing. + * * Revision 1.2 2000/07/05 06:06:35 priikone * Global cosmetic change. * @@ -56,7 +59,6 @@ void silc_socket_alloc(int sock, SilcSocketType type, void *user_data, void silc_socket_free(SilcSocketConnection sock) { if (sock) { - // silc_protocol_free(sock->protocol); silc_buffer_free(sock->inbuf); silc_buffer_free(sock->outbuf); silc_free(sock); diff --git a/lib/silccrypt/rsa.c b/lib/silccrypt/rsa.c index ec85853a..df793298 100644 --- a/lib/silccrypt/rsa.c +++ b/lib/silccrypt/rsa.c @@ -327,14 +327,9 @@ SILC_PKCS_API_ENCRYPT(rsa) silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); } - silc_mp_out_str(stderr, 16, &mp_tmp); - /* Encrypt */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->e, &key->n); - fprintf(stderr, "\n"); - silc_mp_out_str(stderr, 16, &mp_dst); - tmplen = (1024 + 7) / 8; /* Format the MP int back into data */ @@ -366,14 +361,9 @@ SILC_PKCS_API_DECRYPT(rsa) silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); } - silc_mp_out_str(stderr, 16, &mp_tmp); - /* Decrypt */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->d, &key->n); - fprintf(stderr, "\n"); - silc_mp_out_str(stderr, 16, &mp_dst); - tmplen = (1024 + 7) / 8; /* Format the MP int back into data */ diff --git a/lib/silccrypt/silccipher.c b/lib/silccrypt/silccipher.c index d98f86d0..824bcbe2 100644 --- a/lib/silccrypt/silccipher.c +++ b/lib/silccrypt/silccipher.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,26 +17,7 @@ GNU General Public License for more details. */ -/* - * $Id$ - * $Log$ - * Revision 1.5 2000/10/09 11:37:21 priikone - * bugfixes. Made public/private keys protocol compliant. - * - * Revision 1.4 2000/10/02 18:31:46 priikone - * Added rijndael (AES) to cipher list. - * - * Revision 1.3 2000/09/28 11:28:20 priikone - * Changed cipher list order. - * - * Revision 1.2 2000/07/05 06:08:43 priikone - * Global cosmetic change. - * - * Revision 1.1.1.1 2000/06/27 11:36:54 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "silcincludes.h" diff --git a/lib/silccrypt/silccipher.h b/lib/silccrypt/silccipher.h index 10801492..f408b1ff 100644 --- a/lib/silccrypt/silccipher.h +++ b/lib/silccrypt/silccipher.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/lib/silccrypt/silchash.c b/lib/silccrypt/silchash.c index 18cf81bc..8bb73393 100644 --- a/lib/silccrypt/silchash.c +++ b/lib/silccrypt/silchash.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,20 +17,7 @@ GNU General Public License for more details. */ -/* - * $Id$ - * $Log$ - * Revision 1.3 2000/07/10 05:35:43 priikone - * Added fingerprint functions. - * - * Revision 1.2 2000/07/05 06:08:43 priikone - * Global cosmetic change. - * - * Revision 1.1.1.1 2000/06/27 11:36:55 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "silcincludes.h" diff --git a/lib/silccrypt/silchash.h b/lib/silccrypt/silchash.h index 751c6e17..5f4ea0f3 100644 --- a/lib/silccrypt/silchash.h +++ b/lib/silccrypt/silchash.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/lib/silccrypt/silchmac.c b/lib/silccrypt/silchmac.c index 30f36c3f..347894cb 100644 --- a/lib/silccrypt/silchmac.c +++ b/lib/silccrypt/silchmac.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,20 +17,7 @@ GNU General Public License for more details. */ -/* - * $Id$ - * $Log$ - * Revision 1.3 2000/07/14 09:12:24 priikone - * Fixed bug in silc_hmac_make. - * - * Revision 1.2 2000/07/05 06:08:43 priikone - * Global cosmetic change. - * - * Revision 1.1.1.1 2000/06/27 11:36:55 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "silcincludes.h" @@ -49,7 +36,7 @@ int silc_hmac_alloc(SilcHash hash, SilcHmac *new_hmac) (*new_hmac)->make_hmac_with_key = silc_hmac_make_with_key; (*new_hmac)->make_hmac_truncated = silc_hmac_make_truncated; - return 1; + return TRUE; } /* Free's the SilcHmac object. */ diff --git a/lib/silccrypt/silchmac.h b/lib/silccrypt/silchmac.h index d69822d0..069476e9 100644 --- a/lib/silccrypt/silchmac.h +++ b/lib/silccrypt/silchmac.h @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2000 Pekka Riikonen + Copyright (C) 1997 - 2001 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/lib/silccrypt/silcpkcs.c b/lib/silccrypt/silcpkcs.c index fe3b09c0..74870ec8 100644 --- a/lib/silccrypt/silcpkcs.c +++ b/lib/silccrypt/silcpkcs.c @@ -334,7 +334,7 @@ silc_pkcs_public_key_encode(SilcPublicKey public_key, unsigned int *len) unsigned char *ret; buf = silc_buffer_alloc(public_key->len); - silc_buffer_pull_tail(buf, public_key->len); + silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); silc_buffer_format(buf, SILC_STR_UI_INT(public_key->len), @@ -368,7 +368,7 @@ silc_pkcs_public_key_data_encode(unsigned char *pk, unsigned int pk_len, totlen = 4 + 2 + strlen(pkcs) + 2 + strlen(identifier) + pk_len; buf = silc_buffer_alloc(totlen); - silc_buffer_pull_tail(buf, totlen); + silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); silc_buffer_format(buf, SILC_STR_UI_INT(totlen), @@ -399,15 +399,20 @@ int silc_pkcs_public_key_decode(unsigned char *data, unsigned int data_len, unsigned short pkcs_len, identifier_len; unsigned int totlen, key_len; unsigned char *pkcs_name = NULL, *ident = NULL, *key_data = NULL; + int ret; buf = silc_buffer_alloc(data_len); - silc_buffer_pull_tail(buf, data_len); + silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); silc_buffer_put(buf, data, data_len); /* Get length */ - silc_buffer_unformat(buf, - SILC_STR_UI_INT(&totlen), - SILC_STR_END); + ret = silc_buffer_unformat(buf, + SILC_STR_UI_INT(&totlen), + SILC_STR_END); + if (ret == -1) { + silc_buffer_free(buf); + return FALSE; + } if (totlen != data_len) { silc_buffer_free(buf); @@ -416,10 +421,13 @@ int silc_pkcs_public_key_decode(unsigned char *data, unsigned int data_len, /* Get algorithm name and identifier */ silc_buffer_pull(buf, 4); - silc_buffer_unformat(buf, - SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len), - SILC_STR_UI16_NSTRING_ALLOC(&ident, &identifier_len), - SILC_STR_END); + ret = + silc_buffer_unformat(buf, + SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len), + SILC_STR_UI16_NSTRING_ALLOC(&ident, &identifier_len), + SILC_STR_END); + if (ret == -1) + goto err; if (pkcs_len < 1 || identifier_len < 3 || pkcs_len + identifier_len > totlen) @@ -437,9 +445,11 @@ int silc_pkcs_public_key_decode(unsigned char *data, unsigned int data_len, /* Get key data. We assume that rest of the buffer is key data. */ silc_buffer_pull(buf, 2 + pkcs_len + 2 + identifier_len); key_len = buf->len; - silc_buffer_unformat(buf, - SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len), - SILC_STR_END); + ret = silc_buffer_unformat(buf, + SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len), + SILC_STR_END); + if (ret == -1) + goto err; /* Try to set the key. If this fails the key must be malformed. This code assumes that the PKCS routine checks the format of the key. */ @@ -482,7 +492,7 @@ silc_pkcs_private_key_encode(SilcPrivateKey private_key, unsigned int *len) totlen = 2 + strlen(private_key->name) + private_key->prv_len; buf = silc_buffer_alloc(totlen); - silc_buffer_pull_tail(buf, totlen); + silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); silc_buffer_format(buf, SILC_STR_UI_SHORT(strlen(private_key->name)), @@ -540,15 +550,19 @@ int silc_pkcs_private_key_decode(unsigned char *data, unsigned int data_len, unsigned short pkcs_len; unsigned int key_len; unsigned char *pkcs_name = NULL, *key_data = NULL; + int ret; buf = silc_buffer_alloc(data_len); - silc_buffer_pull_tail(buf, data_len); + silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); silc_buffer_put(buf, data, data_len); /* Get algorithm name and identifier */ - silc_buffer_unformat(buf, - SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len), - SILC_STR_END); + ret = + silc_buffer_unformat(buf, + SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len), + SILC_STR_END); + if (ret == -1) + goto err; if (pkcs_len < 1 || pkcs_len > buf->truelen) goto err; @@ -560,9 +574,11 @@ int silc_pkcs_private_key_decode(unsigned char *data, unsigned int data_len, /* Get key data. We assume that rest of the buffer is key data. */ silc_buffer_pull(buf, 2 + pkcs_len); key_len = buf->len; - silc_buffer_unformat(buf, - SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len), - SILC_STR_END); + ret = silc_buffer_unformat(buf, + SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len), + SILC_STR_END); + if (ret == -1) + goto err; /* Try to set the key. If this fails the key must be malformed. This code assumes that the PKCS routine checks the format of the key. */ @@ -612,7 +628,7 @@ static int silc_pkcs_save_public_key_internal(char *filename, len = data_len + (strlen(SILC_PKCS_PUBLIC_KEYFILE_BEGIN) + strlen(SILC_PKCS_PUBLIC_KEYFILE_END)); buf = silc_buffer_alloc(len); - silc_buffer_pull_tail(buf, len); + silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); silc_buffer_format(buf, SILC_STR_UI32_STRING(SILC_PKCS_PUBLIC_KEYFILE_BEGIN), @@ -675,7 +691,7 @@ static int silc_pkcs_save_private_key_internal(char *filename, len = data_len + (strlen(SILC_PKCS_PRIVATE_KEYFILE_BEGIN) + strlen(SILC_PKCS_PRIVATE_KEYFILE_END)); buf = silc_buffer_alloc(len); - silc_buffer_pull_tail(buf, len); + silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); silc_buffer_format(buf, SILC_STR_UI32_STRING(SILC_PKCS_PRIVATE_KEYFILE_BEGIN), diff --git a/lib/silccrypt/silcrng.c b/lib/silccrypt/silcrng.c index df7282dc..9da70dd9 100644 --- a/lib/silccrypt/silcrng.c +++ b/lib/silccrypt/silcrng.c @@ -17,6 +17,7 @@ GNU General Public License for more details. */ +/* $Id$ */ /* * Created: Sun Mar 9 00:09:18 1997 * @@ -24,20 +25,6 @@ */ /* XXX: Some operations block resulting slow initialization. * XXX: I have some pending changes to make this better. */ -/* - * $Id$ - * $Log$ - * Revision 1.3 2000/07/10 05:36:14 priikone - * Added silc_rng_get_rng_data to get variable length binary data. - * - * Revision 1.2 2000/07/05 06:08:43 priikone - * Global cosmetic change. - * - * Revision 1.1.1.1 2000/06/27 11:36:55 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ #include "silcincludes.h" @@ -164,10 +151,6 @@ void silc_rng_init(SilcRng rng) (i * (sizeof(rng->pool) / SILC_RNG_STATE_NUM)); next->pos = (i * (sizeof(rng->pool) / SILC_RNG_STATE_NUM)) + 8; -#if 0 - next->pos = sizeof(rng->pool) - - ((i * (sizeof(rng->pool) / SILC_RNG_STATE_NUM))) + 8; -#endif next->next = rng->state; rng->state = next; } diff --git a/lib/silcmath/modinv.c b/lib/silcmath/modinv.c index 1a60f7b3..c41dab00 100644 --- a/lib/silcmath/modinv.c +++ b/lib/silcmath/modinv.c @@ -17,6 +17,7 @@ GNU General Public License for more details. */ +/* $Id$ */ #include "silcincludes.h" diff --git a/lib/silcmath/mpbin.c b/lib/silcmath/mpbin.c index 1e937eb0..6e0e6ead 100644 --- a/lib/silcmath/mpbin.c +++ b/lib/silcmath/mpbin.c @@ -17,6 +17,7 @@ GNU General Public License for more details. */ +/* $Id$ */ #include "silcincludes.h" diff --git a/lib/silcmath/silcprimegen.c b/lib/silcmath/silcprimegen.c index 737a09ad..b86a6aad 100644 --- a/lib/silcmath/silcprimegen.c +++ b/lib/silcmath/silcprimegen.c @@ -17,20 +17,8 @@ GNU General Public License for more details. */ -/* - * Created: Mon Dec 8 16:35:37 GMT+0200 1997 - */ -/* - * $Id$ - * $Log$ - * Revision 1.2 2000/07/05 06:06:52 priikone - * Global cosmetic change. - * - * Revision 1.1.1.1 2000/06/27 11:36:51 priikone - * Importet from internal CVS/Added Log headers. - * - * - */ +/* Created: Mon Dec 8 16:35:37 GMT+0200 1997 */ +/* $Id$ */ #include "silcincludes.h" diff --git a/lib/silcske/groups.c b/lib/silcske/groups.c index 18d70c6c..2648f165 100644 --- a/lib/silcske/groups.c +++ b/lib/silcske/groups.c @@ -17,17 +17,7 @@ GNU General Public License for more details. */ -/* - * $Id$ - * $Log$ - * Revision 1.2 2000/07/05 06:05:15 priikone - * Global cosmetic change. - * - * Revision 1.1.1.1 2000/06/27 11:36:56 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "silcincludes.h" #include "groups_internal.h" diff --git a/lib/silcske/payload.c b/lib/silcske/payload.c index 718e6bc2..c491f29e 100644 --- a/lib/silcske/payload.c +++ b/lib/silcske/payload.c @@ -17,40 +17,11 @@ GNU General Public License for more details. */ -/* XXX TODO: This is not optimized version and should be optimized! - Use *_ALLOC buffer formatting in payload decodings! */ -/* - * $Id$ - * $Log$ - * Revision 1.6 2000/10/31 19:48:31 priikone - * A LOT updates. Cannot separate. :) - * - * Revision 1.5 2000/07/19 07:04:37 priikone - * Added version detection support to SKE. Minor bugfixes. - * - * Revision 1.4 2000/07/10 05:34:22 priikone - * Added mp binary encoding as protocols defines. - * - * Revision 1.3 2000/07/07 06:46:43 priikone - * Removed ske_verify_public_key function as it is not needed - * anymore. Added support to the public key verification as callback - * function. Other minor changes and bug fixes. - * - * Revision 1.2 2000/07/05 06:05:15 priikone - * Global cosmetic change. - * - * Revision 1.1.1.1 2000/06/27 11:36:56 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "silcincludes.h" #include "payload_internal.h" -/* Temporary buffer used in payload decoding */ -unsigned char buf[16384]; - /* Encodes Key Exchange Start Payload into a SILC Buffer to be sent to the other end. */ @@ -59,43 +30,46 @@ SilcSKEStatus silc_ske_payload_start_encode(SilcSKE ske, SilcBuffer *return_buffer) { SilcBuffer buf; + int ret; SILC_LOG_DEBUG(("Encoding KE Start Payload")); if (!payload) return SILC_SKE_STATUS_ERROR; - /* Allocate channel payload buffer. */ buf = silc_buffer_alloc(payload->len); - - silc_buffer_pull_tail(buf, payload->len); + silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); /* Encode the payload */ - silc_buffer_format(buf, - SILC_STR_UI_CHAR(0), /* RESERVED field */ - SILC_STR_UI_CHAR(payload->flags), - SILC_STR_UI_SHORT(payload->len), - SILC_STR_UI_XNSTRING(payload->cookie, - payload->cookie_len), - SILC_STR_UI_SHORT(payload->version_len), - SILC_STR_UI_XNSTRING(payload->version, - payload->version_len), - SILC_STR_UI_SHORT(payload->ke_grp_len), - SILC_STR_UI_XNSTRING(payload->ke_grp_list, - payload->ke_grp_len), - SILC_STR_UI_SHORT(payload->pkcs_alg_len), - SILC_STR_UI_XNSTRING(payload->pkcs_alg_list, - payload->pkcs_alg_len), - SILC_STR_UI_SHORT(payload->enc_alg_len), - SILC_STR_UI_XNSTRING(payload->enc_alg_list, - payload->enc_alg_len), - SILC_STR_UI_SHORT(payload->hash_alg_len), - SILC_STR_UI_XNSTRING(payload->hash_alg_list, - payload->hash_alg_len), - SILC_STR_UI_SHORT(payload->comp_alg_len), - SILC_STR_UI_XNSTRING(payload->comp_alg_list, - payload->comp_alg_len), - SILC_STR_END); + ret = silc_buffer_format(buf, + SILC_STR_UI_CHAR(0), /* RESERVED field */ + SILC_STR_UI_CHAR(payload->flags), + SILC_STR_UI_SHORT(payload->len), + SILC_STR_UI_XNSTRING(payload->cookie, + payload->cookie_len), + SILC_STR_UI_SHORT(payload->version_len), + SILC_STR_UI_XNSTRING(payload->version, + payload->version_len), + SILC_STR_UI_SHORT(payload->ke_grp_len), + SILC_STR_UI_XNSTRING(payload->ke_grp_list, + payload->ke_grp_len), + SILC_STR_UI_SHORT(payload->pkcs_alg_len), + SILC_STR_UI_XNSTRING(payload->pkcs_alg_list, + payload->pkcs_alg_len), + SILC_STR_UI_SHORT(payload->enc_alg_len), + SILC_STR_UI_XNSTRING(payload->enc_alg_list, + payload->enc_alg_len), + SILC_STR_UI_SHORT(payload->hash_alg_len), + SILC_STR_UI_XNSTRING(payload->hash_alg_list, + payload->hash_alg_len), + SILC_STR_UI_SHORT(payload->comp_alg_len), + SILC_STR_UI_XNSTRING(payload->comp_alg_list, + payload->comp_alg_len), + SILC_STR_END); + if (ret == -1) { + silc_buffer_free(buf); + return SILC_SKE_STATUS_ERROR; + } /* Return the encoded buffer */ *return_buffer = buf; @@ -116,25 +90,31 @@ silc_ske_payload_start_decode(SilcSKE ske, SilcSKEStartPayload *payload; SilcSKEStatus status = SILC_SKE_STATUS_ERROR; unsigned char tmp; - int len, len2; + int ret, len, len2; SILC_LOG_DEBUG(("Decoding Key Exchange Start Payload")); SILC_LOG_HEXDUMP(("KE Start Payload"), buffer->data, buffer->len); payload = silc_calloc(1, sizeof(*payload)); - memset(buf, 0, sizeof(buf)); - - /* Parse the entire payload */ - silc_buffer_unformat(buffer, - SILC_STR_UI_CHAR(&tmp), /* RESERVED Field */ - SILC_STR_UI_CHAR(&payload->flags), - SILC_STR_UI_SHORT(&payload->len), - SILC_STR_UI_XNSTRING(&buf, SILC_SKE_COOKIE_LEN), - SILC_STR_UI16_NSTRING_ALLOC(&payload->version, - &payload->version_len), - SILC_STR_UI_SHORT(&payload->ke_grp_len), - SILC_STR_END); + payload->cookie_len = SILC_SKE_COOKIE_LEN; + + /* Parse start of the payload */ + ret = + silc_buffer_unformat(buffer, + SILC_STR_UI_CHAR(&tmp), /* RESERVED Field */ + SILC_STR_UI_CHAR(&payload->flags), + SILC_STR_UI_SHORT(&payload->len), + SILC_STR_UI_XNSTRING_ALLOC(&payload->cookie, + payload->cookie_len), + SILC_STR_UI16_NSTRING_ALLOC(&payload->version, + &payload->version_len), + SILC_STR_UI_SHORT(&payload->ke_grp_len), + SILC_STR_END); + if (ret == -1) { + status = SILC_SKE_STATUS_ERROR; + goto err; + } if (tmp != 0) { SILC_LOG_DEBUG(("Bad reserved field")); @@ -154,20 +134,19 @@ silc_ske_payload_start_decode(SilcSKE ske, goto err; } - len2 = len = 1 + 1 + 2 + SILC_SKE_COOKIE_LEN + 2 + payload->version_len + 2; + len2 = len = 1 + 1 + 2 + payload->cookie_len + 2 + payload->version_len + 2; silc_buffer_pull(buffer, len); - /* Copy cookie from payload */ - payload->cookie = silc_calloc(SILC_SKE_COOKIE_LEN, - sizeof(unsigned char)); - payload->cookie_len = SILC_SKE_COOKIE_LEN; - memcpy(payload->cookie, buf, SILC_SKE_COOKIE_LEN); - memset(buf, 0, sizeof(buf)); - - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING(&buf, payload->ke_grp_len), - SILC_STR_UI_SHORT(&payload->pkcs_alg_len), - SILC_STR_END); + /* Parse group list */ + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&payload->ke_grp_list, + payload->ke_grp_len), + SILC_STR_UI_SHORT(&payload->pkcs_alg_len), + SILC_STR_END); + if (ret == -1) { + status = SILC_SKE_STATUS_ERROR; + goto err; + } if (payload->pkcs_alg_len < 1) { SILC_LOG_DEBUG(("Bad payload length")); @@ -178,16 +157,17 @@ silc_ske_payload_start_decode(SilcSKE ske, len2 += len = payload->ke_grp_len + 2; silc_buffer_pull(buffer, len); - /* Copy KE groups from payload */ - payload->ke_grp_list = silc_calloc(payload->ke_grp_len + 1, - sizeof(unsigned char)); - memcpy(payload->ke_grp_list, buf, payload->ke_grp_len); - memset(buf, 0, sizeof(buf)); - - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING(&buf, payload->pkcs_alg_len), - SILC_STR_UI_SHORT(&payload->enc_alg_len), - SILC_STR_END); + /* Parse PKCS alg list */ + ret = + silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&payload->pkcs_alg_list, + payload->pkcs_alg_len), + SILC_STR_UI_SHORT(&payload->enc_alg_len), + SILC_STR_END); + if (ret == -1) { + status = SILC_SKE_STATUS_ERROR; + goto err; + } if (payload->enc_alg_len < 1) { SILC_LOG_DEBUG(("Bad payload length")); @@ -198,16 +178,17 @@ silc_ske_payload_start_decode(SilcSKE ske, len2 += len = payload->pkcs_alg_len + 2; silc_buffer_pull(buffer, len); - /* Copy PKCS algs from payload */ - payload->pkcs_alg_list = silc_calloc(payload->pkcs_alg_len + 1, - sizeof(unsigned char)); - memcpy(payload->pkcs_alg_list, buf, payload->pkcs_alg_len); - memset(buf, 0, sizeof(buf)); - - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING(&buf, payload->enc_alg_len), - SILC_STR_UI_SHORT(&payload->hash_alg_len), - SILC_STR_END); + /* Parse encryption alg list */ + ret = + silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&payload->enc_alg_list, + payload->enc_alg_len), + SILC_STR_UI_SHORT(&payload->hash_alg_len), + SILC_STR_END); + if (ret == -1) { + status = SILC_SKE_STATUS_ERROR; + goto err; + } if (payload->hash_alg_len < 1) { SILC_LOG_DEBUG(("Bad payload length")); @@ -218,36 +199,32 @@ silc_ske_payload_start_decode(SilcSKE ske, len2 += len = payload->enc_alg_len + 2; silc_buffer_pull(buffer, len); - /* Copy encryption algs from payload */ - payload->enc_alg_list = silc_calloc(payload->enc_alg_len + 1, - sizeof(unsigned char)); - memcpy(payload->enc_alg_list, buf, payload->enc_alg_len); - memset(buf, 0, sizeof(buf)); - - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING(&buf, payload->hash_alg_len), - SILC_STR_UI_SHORT(&payload->comp_alg_len), - SILC_STR_END); + /* Parse hash alg list */ + ret = + silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&payload->hash_alg_list, + payload->hash_alg_len), + SILC_STR_UI_SHORT(&payload->comp_alg_len), + SILC_STR_END); + if (ret == -1) { + status = SILC_SKE_STATUS_ERROR; + goto err; + } len2 += len = payload->hash_alg_len + 2; silc_buffer_pull(buffer, len); - /* Copy hash algs from payload */ - payload->hash_alg_list = silc_calloc(payload->hash_alg_len + 1, - sizeof(unsigned char)); - memcpy(payload->hash_alg_list, buf, payload->hash_alg_len); - memset(buf, 0, sizeof(buf)); - + /* Parse compression alg list */ if (payload->comp_alg_len) { - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING(&buf, payload->comp_alg_len), - SILC_STR_END); - - /* Copy compression algs from payload */ - payload->comp_alg_list = silc_calloc(payload->comp_alg_len + 1, - sizeof(unsigned char)); - memcpy(payload->comp_alg_list, buf, payload->comp_alg_len); - memset(buf, 0, sizeof(buf)); + ret = + silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&payload->comp_alg_list, + payload->comp_alg_len), + SILC_STR_END); + if (ret == -1) { + status = SILC_SKE_STATUS_ERROR; + goto err; + } } silc_buffer_push(buffer, len2); @@ -297,6 +274,7 @@ SilcSKEStatus silc_ske_payload_one_encode(SilcSKE ske, SilcBuffer buf; unsigned char *e_str; unsigned int e_len; + int ret; SILC_LOG_DEBUG(("Encoding KE 1 Payload")); @@ -314,14 +292,20 @@ SilcSKEStatus silc_ske_payload_one_encode(SilcSKE ske, silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); /* Encode the payload */ - silc_buffer_format(buf, - SILC_STR_UI_SHORT(payload->pk_len), - SILC_STR_UI_SHORT(payload->pk_type), - SILC_STR_UI_XNSTRING(payload->pk_data, - payload->pk_len), - SILC_STR_UI_SHORT(e_len), - SILC_STR_UI_XNSTRING(e_str, e_len), - SILC_STR_END); + ret = silc_buffer_format(buf, + SILC_STR_UI_SHORT(payload->pk_len), + SILC_STR_UI_SHORT(payload->pk_type), + SILC_STR_UI_XNSTRING(payload->pk_data, + payload->pk_len), + SILC_STR_UI_SHORT(e_len), + SILC_STR_UI_XNSTRING(e_str, e_len), + SILC_STR_END); + if (ret == -1) { + memset(e_str, 'F', e_len); + silc_free(e_str); + silc_buffer_free(buf); + return SILC_SKE_STATUS_ERROR; + } /* Return encoded buffer */ *return_buffer = buf; @@ -343,6 +327,7 @@ SilcSKEStatus silc_ske_payload_one_decode(SilcSKE ske, SilcSKEStatus status = SILC_SKE_STATUS_ERROR; unsigned char *e; unsigned short e_len; + int ret; SILC_LOG_DEBUG(("Decoding Key Exchange 1 Payload")); @@ -350,22 +335,32 @@ SilcSKEStatus silc_ske_payload_one_decode(SilcSKE ske, payload = silc_calloc(1, sizeof(*payload)); - silc_buffer_unformat(buffer, - SILC_STR_UI_SHORT(&payload->pk_len), - SILC_STR_UI_SHORT(&payload->pk_type), - SILC_STR_END); + /* Parse start of the payload */ + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_SHORT(&payload->pk_len), + SILC_STR_UI_SHORT(&payload->pk_type), + SILC_STR_END); + if (ret == -1) { + status = SILC_SKE_STATUS_ERROR; + goto err; + } if (payload->pk_len < 5) { status = SILC_SKE_STATUS_BAD_PAYLOAD; goto err; } + /* Parse public key data */ silc_buffer_pull(buffer, 2 + 2); - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING_ALLOC(&payload->pk_data, - payload->pk_len), - SILC_STR_UI16_NSTRING_ALLOC(&e, &e_len), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&payload->pk_data, + payload->pk_len), + SILC_STR_UI16_NSTRING_ALLOC(&e, &e_len), + SILC_STR_END); + if (ret == -1) { + status = SILC_SKE_STATUS_ERROR; + goto err; + } if (e_len < 3) { status = SILC_SKE_STATUS_BAD_PAYLOAD; @@ -418,6 +413,7 @@ SilcSKEStatus silc_ske_payload_two_encode(SilcSKE ske, unsigned char *f_str; unsigned int f_len; unsigned int len; + int ret; SILC_LOG_DEBUG(("Encoding KE 2 Payload")); @@ -431,21 +427,26 @@ SilcSKEStatus silc_ske_payload_two_encode(SilcSKE ske, is 2 + 2 + public key + 2 + f + 2 + signature. */ len = payload->pk_len + 2 + 2 + f_len + 2 + payload->sign_len + 2; buf = silc_buffer_alloc(len); - - silc_buffer_pull_tail(buf, len); + silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); /* Encode the payload */ - silc_buffer_format(buf, - SILC_STR_UI_SHORT(payload->pk_len), - SILC_STR_UI_SHORT(payload->pk_type), - SILC_STR_UI_XNSTRING(payload->pk_data, - payload->pk_len), - SILC_STR_UI_SHORT(f_len), - SILC_STR_UI_XNSTRING(f_str, f_len), - SILC_STR_UI_SHORT(payload->sign_len), - SILC_STR_UI_XNSTRING(payload->sign_data, - payload->sign_len), - SILC_STR_END); + ret = silc_buffer_format(buf, + SILC_STR_UI_SHORT(payload->pk_len), + SILC_STR_UI_SHORT(payload->pk_type), + SILC_STR_UI_XNSTRING(payload->pk_data, + payload->pk_len), + SILC_STR_UI_SHORT(f_len), + SILC_STR_UI_XNSTRING(f_str, f_len), + SILC_STR_UI_SHORT(payload->sign_len), + SILC_STR_UI_XNSTRING(payload->sign_data, + payload->sign_len), + SILC_STR_END); + if (ret == -1) { + memset(f_str, 'F', f_len); + silc_free(f_str); + silc_buffer_free(buf); + return SILC_SKE_STATUS_ERROR; + } /* Return encoded buffer */ *return_buffer = buf; @@ -468,21 +469,25 @@ SilcSKEStatus silc_ske_payload_two_decode(SilcSKE ske, unsigned char *f; unsigned short f_len; unsigned int tot_len = 0, len2; + int ret; SILC_LOG_DEBUG(("Decoding Key Exchange 2 Payload")); SILC_LOG_HEXDUMP(("KE 2 Payload"), buffer->data, buffer->len); payload = silc_calloc(1, sizeof(*payload)); - memset(buf, 0, sizeof(buf)); len2 = buffer->len; - /* Parse the payload */ - silc_buffer_unformat(buffer, - SILC_STR_UI_SHORT(&payload->pk_len), - SILC_STR_UI_SHORT(&payload->pk_type), - SILC_STR_END); + /* Parse start of the payload */ + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_SHORT(&payload->pk_len), + SILC_STR_UI_SHORT(&payload->pk_type), + SILC_STR_END); + if (ret == -1) { + status = SILC_SKE_STATUS_ERROR; + goto err; + } if (payload->pk_len < 5) { status = SILC_SKE_STATUS_BAD_PAYLOAD; @@ -491,14 +496,19 @@ SilcSKEStatus silc_ske_payload_two_decode(SilcSKE ske, tot_len += payload->pk_len + 4; + /* Parse PK data and the signature */ silc_buffer_pull(buffer, 4); - silc_buffer_unformat(buffer, - SILC_STR_UI_XNSTRING_ALLOC(&payload->pk_data, - payload->pk_len), - SILC_STR_UI16_NSTRING_ALLOC(&f, &f_len), - SILC_STR_UI16_NSTRING_ALLOC(&payload->sign_data, - &payload->sign_len), - SILC_STR_END); + ret = silc_buffer_unformat(buffer, + SILC_STR_UI_XNSTRING_ALLOC(&payload->pk_data, + payload->pk_len), + SILC_STR_UI16_NSTRING_ALLOC(&f, &f_len), + SILC_STR_UI16_NSTRING_ALLOC(&payload->sign_data, + &payload->sign_len), + SILC_STR_END); + if (ret == -1) { + status = SILC_SKE_STATUS_ERROR; + goto err; + } tot_len += f_len + 2; tot_len += payload->sign_len + 2; diff --git a/lib/silcske/silcske.c b/lib/silcske/silcske.c index 34c4c167..952a5bd8 100644 --- a/lib/silcske/silcske.c +++ b/lib/silcske/silcske.c @@ -72,10 +72,14 @@ void silc_ske_free(SilcSKE ske) silc_buffer_free(ske->start_payload_copy); if (ske->pk) silc_free(ske->pk); - /* XXX - silc_mp_clear(&ske->x); - silc_mp_clear(&ske->KEY); - */ + if (ske->x) { + silc_mp_clear(ske->x); + silc_free(ske->x); + } + if (ske->KEY) { + silc_mp_clear(ske->KEY); + silc_free(ske->KEY); + } if (ske->hash) silc_free(ske->hash); silc_free(ske); @@ -145,8 +149,10 @@ SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske, /* Decode the payload */ status = silc_ske_payload_start_decode(ske, start_payload, &payload); - if (status != SILC_SKE_STATUS_OK) + if (status != SILC_SKE_STATUS_OK) { + ske->status = status; return status; + } /* Take the selected security properties into use while doing the key exchange. This is used only while doing the key @@ -216,20 +222,23 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske, { SilcSKEStatus status = SILC_SKE_STATUS_OK; SilcBuffer payload_buf; - SilcInt x, e; + SilcInt *x, e; SilcSKEOnePayload *payload; unsigned int pk_len; SILC_LOG_DEBUG(("Start")); /* Create the random number x, 1 < x < q. */ - silc_mp_init(&x); + x = silc_calloc(1, sizeof(*x)); + silc_mp_init(x); status = silc_ske_create_rnd(ske, ske->prop->group->group_order, silc_mp_sizeinbase(&ske->prop->group->group_order, 2), - &x); + x); if (status != SILC_SKE_STATUS_OK) { - silc_mp_clear(&x); + silc_mp_clear(x); + silc_free(x); + ske->status = status; return status; } @@ -237,20 +246,31 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske, /* Do the Diffie Hellman computation, e = g ^ x mod p */ silc_mp_init(&e); - silc_mp_powm(&e, &ske->prop->group->generator, &x, + silc_mp_powm(&e, &ske->prop->group->generator, x, &ske->prop->group->group); /* Encode the result to Key Exchange 1 Payload. */ payload = silc_calloc(1, sizeof(*payload)); payload->e = e; payload->pk_data = silc_pkcs_public_key_encode(public_key, &pk_len); + if (!payload->pk_data) { + silc_mp_clear(x); + silc_free(x); + silc_mp_clear(&e); + silc_free(payload); + ske->status = SILC_SKE_STATUS_OK; + return ske->status; + } payload->pk_len = pk_len; payload->pk_type = SILC_SKE_PK_TYPE_SILC; status = silc_ske_payload_one_encode(ske, payload, &payload_buf); if (status != SILC_SKE_STATUS_OK) { - silc_mp_clear(&x); + silc_mp_clear(x); + silc_free(x); silc_mp_clear(&e); + silc_free(payload->pk_data); silc_free(payload); + ske->status = status; return status; } @@ -280,7 +300,7 @@ SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske, SilcSKEStatus status = SILC_SKE_STATUS_OK; SilcSKETwoPayload *payload; SilcPublicKey public_key = NULL; - SilcInt KEY; + SilcInt *KEY; unsigned char hash[32]; unsigned int hash_len; @@ -288,15 +308,18 @@ SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske, /* Decode the payload */ status = silc_ske_payload_two_decode(ske, ke2_payload, &payload); - if (status != SILC_SKE_STATUS_OK) + if (status != SILC_SKE_STATUS_OK) { + ske->status = status; return status; + } ske->ke2_payload = payload; SILC_LOG_DEBUG(("Computing KEY = f ^ x mod p")); /* Compute the shared secret key */ - silc_mp_init(&KEY); - silc_mp_powm(&KEY, &payload->f, &ske->x, &ske->prop->group->group); + KEY = silc_calloc(1, sizeof(*KEY)); + silc_mp_init(KEY); + silc_mp_powm(KEY, &payload->f, ske->x, &ske->prop->group->group); ske->KEY = KEY; SILC_LOG_DEBUG(("Verifying public key")); @@ -356,7 +379,9 @@ SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske, silc_ske_payload_two_free(payload); ske->ke2_payload = NULL; - silc_mp_clear(&ske->KEY); + silc_mp_clear(ske->KEY); + silc_free(ske->KEY); + ske->KEY = NULL; if (public_key) silc_pkcs_public_key_free(public_key); @@ -397,8 +422,10 @@ SilcSKEStatus silc_ske_responder_start(SilcSKE ske, SilcRng rng, /* Decode the payload */ status = silc_ske_payload_start_decode(ske, start_payload, &remote_payload); - if (status != SILC_SKE_STATUS_OK) + if (status != SILC_SKE_STATUS_OK) { + ske->status = status; return status; + } /* Take a copy of the payload buffer for future use. It is used to compute the HASH value. */ @@ -443,7 +470,7 @@ SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske, SilcSKEStatus status = SILC_SKE_STATUS_OK; SilcBuffer payload_buf; SilcSKESecurityProperties prop; - SilcSKEDiffieHellmanGroup group; + SilcSKEDiffieHellmanGroup group = NULL; SILC_LOG_DEBUG(("Start")); @@ -489,7 +516,8 @@ SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske, return status; err: - silc_free(group); + if (group) + silc_free(group); if (prop->pkcs) silc_pkcs_free(prop->pkcs); @@ -523,23 +551,27 @@ SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske, SilcSKEStatus status = SILC_SKE_STATUS_OK; SilcSKEOnePayload *one_payload; SilcSKETwoPayload *two_payload; - SilcInt x, f; + SilcInt *x, f; SILC_LOG_DEBUG(("Start")); /* Decode Key Exchange 1 Payload */ status = silc_ske_payload_one_decode(ske, ke1_payload, &one_payload); - if (status != SILC_SKE_STATUS_OK) + if (status != SILC_SKE_STATUS_OK) { + ske->status = status; return status; + } /* Create the random number x, 1 < x < q. */ - silc_mp_init(&x); + x = silc_calloc(1, sizeof(*x)); + silc_mp_init(x); status = silc_ske_create_rnd(ske, ske->prop->group->group_order, silc_mp_sizeinbase(&ske->prop->group->group_order, 2), - &x); + x); if (status != SILC_SKE_STATUS_OK) { - silc_mp_clear(&x); + silc_mp_clear(x); + silc_free(x); return status; } @@ -547,7 +579,7 @@ SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske, /* Do the Diffie Hellman computation, f = g ^ x mod p */ silc_mp_init(&f); - silc_mp_powm(&f, &ske->prop->group->generator, &x, + silc_mp_powm(&f, &ske->prop->group->generator, x, &ske->prop->group->group); /* Save the results for later processing */ @@ -577,7 +609,7 @@ SilcSKEStatus silc_ske_responder_finish(SilcSKE ske, { SilcSKEStatus status = SILC_SKE_STATUS_OK; SilcBuffer payload_buf; - SilcInt KEY; + SilcInt *KEY; unsigned char hash[32], sign[256], *pk; unsigned int hash_len, sign_len, pk_len; @@ -586,8 +618,9 @@ SilcSKEStatus silc_ske_responder_finish(SilcSKE ske, SILC_LOG_DEBUG(("Computing KEY = e ^ x mod p")); /* Compute the shared secret key */ - silc_mp_init(&KEY); - silc_mp_powm(&KEY, &ske->ke1_payload->e, &ske->x, + KEY = silc_calloc(1, sizeof(*KEY)); + silc_mp_init(KEY); + silc_mp_powm(KEY, &ske->ke1_payload->e, ske->x, &ske->prop->group->group); ske->KEY = KEY; @@ -595,6 +628,10 @@ SilcSKEStatus silc_ske_responder_finish(SilcSKE ske, /* Get the public key */ pk = silc_pkcs_public_key_encode(public_key, &pk_len); + if (!pk) { + status = SILC_SKE_STATUS_ERROR; + goto err; + } ske->ke2_payload->pk_data = pk; ske->ke2_payload->pk_len = pk_len; ske->ke2_payload->pk_type = pk_type; @@ -639,7 +676,9 @@ SilcSKEStatus silc_ske_responder_finish(SilcSKE ske, return status; err: - silc_mp_clear(&ske->KEY); + silc_mp_clear(ske->KEY); + silc_free(ske->KEY); + ske->KEY = NULL; silc_ske_payload_two_free(ske->ke2_payload); if (status == SILC_SKE_STATUS_OK) @@ -786,8 +825,10 @@ silc_ske_select_security_properties(SilcSKE ske, /* Check version string */ status = silc_ske_check_version(ske, rp->version, rp->version_len); - if (status != SILC_SKE_STATUS_OK) + if (status != SILC_SKE_STATUS_OK) { + ske->status = status; return status; + } /* Flags are returned unchanged. */ payload->flags = rp->flags; @@ -1081,6 +1122,8 @@ SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcInt n, /* Get the random number as string */ string = silc_rng_get_rn_data(ske->rng, (len / 8)); + if (!string) + return SILC_SKE_STATUS_ERROR; /* Decode the string into a MP integer */ silc_mp_bin2mp(string, (len / 8), rnd); @@ -1109,30 +1152,37 @@ SilcSKEStatus silc_ske_make_hash(SilcSKE ske, SilcBuffer buf; unsigned char *e, *f, *KEY; unsigned int e_len, f_len, KEY_len; + int ret; SILC_LOG_DEBUG(("Start")); e = silc_mp_mp2bin(&ske->ke1_payload->e, &e_len); f = silc_mp_mp2bin(&ske->ke2_payload->f, &f_len); - KEY = silc_mp_mp2bin(&ske->KEY, &KEY_len); + KEY = silc_mp_mp2bin(ske->KEY, &KEY_len); buf = silc_buffer_alloc(ske->start_payload_copy->len + ske->pk_len + e_len + f_len + KEY_len); silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); /* Format the buffer used to compute the hash value */ - silc_buffer_format(buf, - SILC_STR_UI_XNSTRING(ske->start_payload_copy->data, - ske->start_payload_copy->len), - SILC_STR_UI_XNSTRING(ske->pk, ske->pk_len), - SILC_STR_UI_XNSTRING(e, e_len), - SILC_STR_UI_XNSTRING(f, f_len), - SILC_STR_UI_XNSTRING(KEY, KEY_len), - SILC_STR_END); - -#if 0 - SILC_LOG_HEXDUMP(("Hash buffer"), buf->data, buf->len); -#endif + ret = silc_buffer_format(buf, + SILC_STR_UI_XNSTRING(ske->start_payload_copy->data, + ske->start_payload_copy->len), + SILC_STR_UI_XNSTRING(ske->pk, ske->pk_len), + SILC_STR_UI_XNSTRING(e, e_len), + SILC_STR_UI_XNSTRING(f, f_len), + SILC_STR_UI_XNSTRING(KEY, KEY_len), + SILC_STR_END); + if (ret == -1) { + silc_buffer_free(buf); + memset(e, 0, e_len); + memset(f, 0, f_len); + memset(KEY, 0, KEY_len); + silc_free(e); + silc_free(f); + silc_free(KEY); + return SILC_SKE_STATUS_ERROR; + } /* Make the hash */ silc_hash_make(ske->prop->hash, buf->data, buf->len, return_hash); @@ -1166,19 +1216,26 @@ SilcSKEStatus silc_ske_process_key_material(SilcSKE ske, unsigned char hash[32]; unsigned int hash_len = ske->prop->hash->hash->hash_len; unsigned int enc_key_len = req_enc_key_len / 8; + int ret; SILC_LOG_DEBUG(("Start")); /* Encode KEY to binary data */ - tmpbuf = silc_mp_mp2bin(&ske->KEY, &klen); + tmpbuf = silc_mp_mp2bin(ske->KEY, &klen); buf = silc_buffer_alloc(1 + klen + hash_len); silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); - silc_buffer_format(buf, - SILC_STR_UI_CHAR(0), - SILC_STR_UI_XNSTRING(tmpbuf, klen), - SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len), - SILC_STR_END); + ret = silc_buffer_format(buf, + SILC_STR_UI_CHAR(0), + SILC_STR_UI_XNSTRING(tmpbuf, klen), + SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len), + SILC_STR_END); + if (ret == -1) { + memset(tmpbuf, 0, klen); + silc_free(tmpbuf); + silc_buffer_free(buf); + return SILC_SKE_STATUS_ERROR; + } /* Take IVs */ memset(hash, 0, sizeof(hash)); diff --git a/lib/silcske/silcske.h b/lib/silcske/silcske.h index 55613e4c..02d94dce 100644 --- a/lib/silcske/silcske.h +++ b/lib/silcske/silcske.h @@ -119,10 +119,10 @@ struct SilcSKEStruct { /* Random number x, 1 < x < q. This is the secret exponent used in Diffie Hellman computations. */ - SilcInt x; + SilcInt *x; /* The secret shared key */ - SilcInt KEY; + SilcInt *KEY; /* The hash value HASH of the key exchange */ unsigned char *hash; diff --git a/lib/silcutil/Makefile.am b/lib/silcutil/Makefile.am index 302738d5..3d42bd60 100644 --- a/lib/silcutil/Makefile.am +++ b/lib/silcutil/Makefile.am @@ -21,9 +21,7 @@ AUTOMAKE_OPTIONS = 1.0 no-dependencies foreign noinst_LIBRARIES = libsilcutil.a libsilcutil_a_SOURCES = \ - silcbuffer.c \ silcbuffmt.c \ - silcbufutil.c \ silcconfig.c \ silclog.c \ silcmemory.c \ diff --git a/lib/silcutil/silcbuffer.h b/lib/silcutil/silcbuffer.h index 8658e608..6060e667 100644 --- a/lib/silcutil/silcbuffer.h +++ b/lib/silcutil/silcbuffer.h @@ -17,6 +17,8 @@ GNU General Public License for more details. */ +/* $Id$ */ +/* Optimized buffer managing routines. These are short inline functions. */ #ifndef SILCBUFFER_H #define SILCBUFFER_H @@ -126,32 +128,24 @@ typedef SilcBufferObject *SilcBuffer; the buffer area to the end of the buffer. */ #define SILC_BUFFER_END(x) ((x)->end - (x)->head) -#ifndef SILC_DEBUG /* When we are not doing debugging we use - optimized inline buffer functions. */ -/* - * Optimized buffer managing routines. These are short inline - * functions. - */ +/* Inline functions */ extern inline SilcBuffer silc_buffer_alloc(unsigned int len) { SilcBuffer sb; - unsigned char *data; /* Allocate new SilcBuffer */ sb = silc_calloc(1, sizeof(*sb)); /* Allocate the actual data area */ - data = silc_calloc(len, sizeof(*data)); + sb->head = silc_calloc(len, sizeof(*sb->head)); /* Set pointers to the new buffer */ sb->truelen = len; - sb->len = 0; - sb->head = data; - sb->data = data; - sb->tail = data; - sb->end = data + sb->truelen; + sb->data = sb->head; + sb->tail = sb->head; + sb->end = sb->head + sb->truelen; return sb; } @@ -190,7 +184,9 @@ unsigned char *silc_buffer_pull(SilcBuffer sb, unsigned int len) { unsigned char *old_data = sb->data; +#ifdef SILC_DEBUG assert(len <= (sb->tail - sb->data)); +#endif sb->data += len; sb->len -= len; @@ -220,7 +216,9 @@ unsigned char *silc_buffer_push(SilcBuffer sb, unsigned int len) { unsigned char *old_data = sb->data; +#ifdef SILC_DEBUG assert((sb->data - len) >= sb->head); +#endif sb->data -= len; sb->len += len; @@ -250,7 +248,9 @@ unsigned char *silc_buffer_pull_tail(SilcBuffer sb, unsigned int len) { unsigned char *old_tail = sb->tail; +#ifdef SILC_DEBUG assert((sb->end - sb->tail) >= len); +#endif sb->tail += len; sb->len += len; @@ -280,7 +280,9 @@ unsigned char *silc_buffer_push_tail(SilcBuffer sb, unsigned int len) { unsigned char *old_tail = sb->tail; +#ifdef SILC_DEBUG assert((sb->tail - len) >= sb->data); +#endif sb->tail -= len; sb->len -= len; @@ -304,7 +306,9 @@ unsigned char *silc_buffer_put_head(SilcBuffer sb, unsigned char *data, unsigned int len) { +#ifdef SILC_DEBUG assert((sb->data - sb->head) >= len); +#endif return memcpy(sb->head, data, len); } @@ -324,7 +328,9 @@ unsigned char *silc_buffer_put(SilcBuffer sb, unsigned char *data, unsigned int len) { +#ifdef SILC_DEBUG assert((sb->tail - sb->data) >= len); +#endif return memcpy(sb->data, data, len); } @@ -344,29 +350,10 @@ unsigned char *silc_buffer_put_tail(SilcBuffer sb, unsigned char *data, unsigned int len) { +#ifdef SILC_DEBUG assert((sb->end - sb->tail) >= len); +#endif return memcpy(sb->tail, data, len); } -#endif /* !SILC_DEBUG */ - -/* Prototypes */ -#ifdef SILC_DEBUG -SilcBuffer silc_buffer_alloc(unsigned int len); -void silc_buffer_free(SilcBuffer sb); -unsigned char *silc_buffer_pull(SilcBuffer sb, unsigned int len); -unsigned char *silc_buffer_push(SilcBuffer sb, unsigned int len); -unsigned char *silc_buffer_pull_tail(SilcBuffer sb, unsigned int len); -unsigned char *silc_buffer_push_tail(SilcBuffer sb, unsigned int len); -unsigned char *silc_buffer_put_head(SilcBuffer sb, - unsigned char *data, - unsigned int len); -unsigned char *silc_buffer_put(SilcBuffer sb, - unsigned char *data, - unsigned int len); -unsigned char *silc_buffer_put_tail(SilcBuffer sb, - unsigned char *data, - unsigned int len); -#endif - #endif diff --git a/lib/silcutil/silcbuffmt.c b/lib/silcutil/silcbuffmt.c index 54cf0e2c..7faae546 100644 --- a/lib/silcutil/silcbuffmt.c +++ b/lib/silcutil/silcbuffmt.c @@ -17,15 +17,19 @@ GNU General Public License for more details. */ -/* XXX: These routines needs to be made more stable as these can crash - if the data (for unformatting for example) is malformed or the buffer - is too short. Must be fixed. There are some other obvious bugs as - well. */ -/* - * $Id$ */ +/* $Id$ */ #include "silcincludes.h" +/* Macro to check whether there is enough free space to add the + required amount of data. For unformatting this means that there must + be the data that is to be extracted. */ +#define HAS_SPACE(x, req) \ +do { \ + if (req > (x)->len) \ + goto fail; \ +} while(0) + /* Formats the arguments sent and puts them into the buffer sent as argument. The buffer must be initialized beforehand and it must have enough free space to include the formatted data. If this function @@ -49,6 +53,7 @@ int silc_buffer_format(SilcBuffer dst, ...) case SILC_BUFFER_PARAM_SI8_CHAR: { char x = (char)va_arg(ap, int); + HAS_SPACE(dst, 1); silc_buffer_put(dst, &x, 1); silc_buffer_pull(dst, 1); break; @@ -56,6 +61,7 @@ int silc_buffer_format(SilcBuffer dst, ...) case SILC_BUFFER_PARAM_UI8_CHAR: { unsigned char x = (unsigned char)va_arg(ap, int); + HAS_SPACE(dst, 1); silc_buffer_put(dst, &x, 1); silc_buffer_pull(dst, 1); break; @@ -64,6 +70,7 @@ int silc_buffer_format(SilcBuffer dst, ...) { unsigned char xf[2]; short x = (short)va_arg(ap, int); + HAS_SPACE(dst, 2); SILC_PUT16_MSB(x, xf); silc_buffer_put(dst, xf, 2); silc_buffer_pull(dst, 2); @@ -73,6 +80,7 @@ int silc_buffer_format(SilcBuffer dst, ...) { unsigned char xf[2]; unsigned short x = (unsigned short)va_arg(ap, int); + HAS_SPACE(dst, 2); SILC_PUT16_MSB(x, xf); silc_buffer_put(dst, xf, 2); silc_buffer_pull(dst, 2); @@ -82,6 +90,7 @@ int silc_buffer_format(SilcBuffer dst, ...) { unsigned char xf[4]; int x = va_arg(ap, int); + HAS_SPACE(dst, 4); SILC_PUT32_MSB(x, xf); silc_buffer_put(dst, xf, 4); silc_buffer_pull(dst, 4); @@ -91,6 +100,7 @@ int silc_buffer_format(SilcBuffer dst, ...) { unsigned char xf[4]; unsigned int x = va_arg(ap, unsigned int); + HAS_SPACE(dst, 4); SILC_PUT32_MSB(x, xf); silc_buffer_put(dst, xf, 4); silc_buffer_pull(dst, 4); @@ -102,8 +112,10 @@ int silc_buffer_format(SilcBuffer dst, ...) case SILC_BUFFER_PARAM_UI32_STRING_ALLOC: { unsigned char *x = va_arg(ap, unsigned char *); - silc_buffer_put(dst, x, strlen(x)); - silc_buffer_pull(dst, strlen(x)); + int tmp_len = strlen(x); + HAS_SPACE(dst, tmp_len); + silc_buffer_put(dst, x, tmp_len); + silc_buffer_pull(dst, tmp_len); break; } case SILC_BUFFER_PARAM_UI16_NSTRING: @@ -115,6 +127,7 @@ int silc_buffer_format(SilcBuffer dst, ...) { unsigned char *x = va_arg(ap, unsigned char *); unsigned int len = va_arg(ap, unsigned int); + HAS_SPACE(dst, len); silc_buffer_put(dst, x, len); silc_buffer_pull(dst, len); break; @@ -123,7 +136,7 @@ int silc_buffer_format(SilcBuffer dst, ...) goto ok; break; default: - SILC_LOG_ERROR(("Bad buffer formatting type `%d'. Could not " + SILC_LOG_DEBUG(("Bad buffer formatting type `%d'. Could not " "format the data.", fmt)); goto fail; break; @@ -131,8 +144,8 @@ int silc_buffer_format(SilcBuffer dst, ...) } fail: - SILC_LOG_ERROR(("Error occured while formatting data")); - return FALSE; + SILC_LOG_DEBUG(("Error occured while formatting data")); + return -1; ok: /* Push the buffer back to where it belongs. */ @@ -162,6 +175,7 @@ int silc_buffer_unformat(SilcBuffer src, ...) case SILC_BUFFER_PARAM_SI8_CHAR: { char *x = va_arg(ap, char *); + HAS_SPACE(src, 1); if (x) *x = src->data[0]; silc_buffer_pull(src, 1); @@ -170,6 +184,7 @@ int silc_buffer_unformat(SilcBuffer src, ...) case SILC_BUFFER_PARAM_UI8_CHAR: { unsigned char *x = va_arg(ap, unsigned char *); + HAS_SPACE(src, 1); if (x) *x = src->data[0]; silc_buffer_pull(src, 1); @@ -178,6 +193,7 @@ int silc_buffer_unformat(SilcBuffer src, ...) case SILC_BUFFER_PARAM_SI16_SHORT: { short *x = va_arg(ap, short *); + HAS_SPACE(src, 2); if (x) SILC_GET16_MSB(*x, src->data); silc_buffer_pull(src, 2); @@ -186,6 +202,7 @@ int silc_buffer_unformat(SilcBuffer src, ...) case SILC_BUFFER_PARAM_UI16_SHORT: { unsigned short *x = va_arg(ap, unsigned short *); + HAS_SPACE(src, 2); if (x) SILC_GET16_MSB(*x, src->data); silc_buffer_pull(src, 2); @@ -194,6 +211,7 @@ int silc_buffer_unformat(SilcBuffer src, ...) case SILC_BUFFER_PARAM_SI32_INT: { int *x = va_arg(ap, int *); + HAS_SPACE(src, 4); if (x) SILC_GET32_MSB(*x, src->data); silc_buffer_pull(src, 4); @@ -202,6 +220,7 @@ int silc_buffer_unformat(SilcBuffer src, ...) case SILC_BUFFER_PARAM_UI32_INT: { unsigned int *x = va_arg(ap, unsigned int *); + HAS_SPACE(src, 4); if (x) SILC_GET32_MSB(*x, src->data); silc_buffer_pull(src, 4); @@ -211,14 +230,12 @@ int silc_buffer_unformat(SilcBuffer src, ...) { unsigned short len2; unsigned char **x = va_arg(ap, unsigned char **); + HAS_SPACE(src, 2); SILC_GET16_MSB(len2, src->data); silc_buffer_pull(src, 2); - if ((len2 > src->len)) - goto fail; - if (len2 < 1) - break; + HAS_SPACE(src, len2); if (x) - memcpy(x, src->data, len2); + *x = src->data; silc_buffer_pull(src, len2); break; } @@ -226,12 +243,10 @@ int silc_buffer_unformat(SilcBuffer src, ...) { unsigned short len2; unsigned char **x = va_arg(ap, unsigned char **); + HAS_SPACE(src, 2); SILC_GET16_MSB(len2, src->data); silc_buffer_pull(src, 2); - if ((len2 > src->len)) - goto fail; - if (len2 < 1) - break; + HAS_SPACE(src, len2); if (x) { *x = silc_calloc(len2 + 1, sizeof(unsigned char)); memcpy(*x, src->data, len2); @@ -243,14 +258,12 @@ int silc_buffer_unformat(SilcBuffer src, ...) { unsigned int len2; unsigned char **x = va_arg(ap, unsigned char **); + HAS_SPACE(src, 4); SILC_GET32_MSB(len2, src->data); silc_buffer_pull(src, 4); - if ((len2 > src->len)) - goto fail; - if (len2 < 1) - break; + HAS_SPACE(src, len2); if (x) - memcpy(x, src->data, len2); + *x = src->data; silc_buffer_pull(src, len2); break; } @@ -258,12 +271,10 @@ int silc_buffer_unformat(SilcBuffer src, ...) { unsigned int len2; unsigned char **x = va_arg(ap, unsigned char **); + HAS_SPACE(src, 4); SILC_GET32_MSB(len2, src->data); silc_buffer_pull(src, 4); - if ((len2 > src->len)) - goto fail; - if (len2 < 1) - break; + HAS_SPACE(src, len2); if (x) { *x = silc_calloc(len2 + 1, sizeof(unsigned char)); memcpy(*x, src->data, len2); @@ -276,16 +287,14 @@ int silc_buffer_unformat(SilcBuffer src, ...) unsigned short len2; unsigned char **x = va_arg(ap, unsigned char **); unsigned short *len = va_arg(ap, unsigned short *); + HAS_SPACE(src, 2); SILC_GET16_MSB(len2, src->data); silc_buffer_pull(src, 2); - if ((len2 > src->len)) - break; - if (len2 < 1) - break; + HAS_SPACE(src, len2); if (len) *len = len2; if (x) - memcpy(x, src->data, len2); + *x = src->data; silc_buffer_pull(src, len2); break; } @@ -294,12 +303,10 @@ int silc_buffer_unformat(SilcBuffer src, ...) unsigned short len2; unsigned char **x = va_arg(ap, unsigned char **); unsigned short *len = va_arg(ap, unsigned short *); + HAS_SPACE(src, 2); SILC_GET16_MSB(len2, src->data); silc_buffer_pull(src, 2); - if ((len2 > src->len)) - break; - if (len2 < 1) - break; + HAS_SPACE(src, len2); if (len) *len = len2; if (x) { @@ -314,36 +321,36 @@ int silc_buffer_unformat(SilcBuffer src, ...) unsigned int len2; unsigned char **x = va_arg(ap, unsigned char **); unsigned int *len = va_arg(ap, unsigned int *); + HAS_SPACE(src, 4); SILC_GET32_MSB(len2, src->data); silc_buffer_pull(src, 4); - if ((len2 > src->len)) - goto fail; - if (len2 < 1) - break; + HAS_SPACE(src, len2); if (len) *len = len2; if (x) - memcpy(x, src->data, len2); + *x = src->data; silc_buffer_pull(src, len2); break; } - case SILC_BUFFER_PARAM_UI_XNSTRING_ALLOC: + case SILC_BUFFER_PARAM_UI_XNSTRING: { unsigned char **x = va_arg(ap, unsigned char **); unsigned int len = va_arg(ap, unsigned int); - if (len && x) { - *x = silc_calloc(len + 1, sizeof(unsigned char)); - memcpy(*x, src->data, len); - } + HAS_SPACE(src, len); + if (len && x) + *x = src->data; silc_buffer_pull(src, len); break; } - case SILC_BUFFER_PARAM_UI_XNSTRING: + case SILC_BUFFER_PARAM_UI_XNSTRING_ALLOC: { unsigned char **x = va_arg(ap, unsigned char **); unsigned int len = va_arg(ap, unsigned int); - if (len && x) - memcpy(x, src->data, len); + HAS_SPACE(src, len); + if (len && x) { + *x = silc_calloc(len + 1, sizeof(unsigned char)); + memcpy(*x, src->data, len); + } silc_buffer_pull(src, len); break; } @@ -351,7 +358,7 @@ int silc_buffer_unformat(SilcBuffer src, ...) goto ok; break; default: - SILC_LOG_ERROR(("Bad buffer formatting type `%d'. Could not " + SILC_LOG_DEBUG(("Bad buffer formatting type `%d'. Could not " "format the data.", fmt)); goto fail; break; @@ -359,8 +366,8 @@ int silc_buffer_unformat(SilcBuffer src, ...) } fail: - SILC_LOG_ERROR(("Error occured while unformatting buffer")); - return FALSE; + SILC_LOG_DEBUG(("Error occured while unformatting buffer")); + return -1; ok: /* Push the buffer back to the start. */ diff --git a/lib/silcutil/silcbuffmt.h b/lib/silcutil/silcbuffmt.h index 25834505..e50e4550 100644 --- a/lib/silcutil/silcbuffmt.h +++ b/lib/silcutil/silcbuffmt.h @@ -26,6 +26,13 @@ _SI_ = signed _UI_ = unsigned + Any XXX_STRING_ALLOC types will allocate space for the data and + memcpy the data to the pointer sent as argument (in unformatting). + + Any XXX_STRING will not allocate or copy any data. Instead it + will set the pointer to the data. Note that the data pointer + returned (in unformatting) must not be freed. + */ typedef enum { SILC_BUFFER_PARAM_SI8_CHAR, @@ -37,16 +44,16 @@ typedef enum { SILC_BUFFER_PARAM_SI32_INT, SILC_BUFFER_PARAM_UI32_INT, - SILC_BUFFER_PARAM_UI16_STRING, - SILC_BUFFER_PARAM_UI16_STRING_ALLOC, - SILC_BUFFER_PARAM_UI32_STRING, - SILC_BUFFER_PARAM_UI32_STRING_ALLOC, - SILC_BUFFER_PARAM_UI16_NSTRING, - SILC_BUFFER_PARAM_UI16_NSTRING_ALLOC, - SILC_BUFFER_PARAM_UI32_NSTRING, - SILC_BUFFER_PARAM_UI32_NSTRING_ALLOC, - SILC_BUFFER_PARAM_UI_XNSTRING, - SILC_BUFFER_PARAM_UI_XNSTRING_ALLOC, + SILC_BUFFER_PARAM_UI16_STRING, /* No copy */ + SILC_BUFFER_PARAM_UI16_STRING_ALLOC, /* Alloc + memcpy */ + SILC_BUFFER_PARAM_UI32_STRING, /* No copy */ + SILC_BUFFER_PARAM_UI32_STRING_ALLOC, /* Alloc + memcpy */ + SILC_BUFFER_PARAM_UI16_NSTRING, /* No copy */ + SILC_BUFFER_PARAM_UI16_NSTRING_ALLOC, /* Alloc + memcpy */ + SILC_BUFFER_PARAM_UI32_NSTRING, /* No copy */ + SILC_BUFFER_PARAM_UI32_NSTRING_ALLOC, /* Alloc + memcpy */ + SILC_BUFFER_PARAM_UI_XNSTRING, /* No copy */ + SILC_BUFFER_PARAM_UI_XNSTRING_ALLOC, /* Alloc + memcpy */ SILC_BUFFER_PARAM_END } SilcBufferParamType; diff --git a/lib/silcutil/silcbufutil.h b/lib/silcutil/silcbufutil.h index 1525375d..6b41270a 100644 --- a/lib/silcutil/silcbufutil.h +++ b/lib/silcutil/silcbufutil.h @@ -21,8 +21,7 @@ #ifndef SILCBUFUTIL_H #define SILCBUFUTIL_H -#ifndef SILC_DEBUG /* When we are not doing debugging we use - optimized inline buffer functions. */ +#include "silcbuffer.h" /* Clears and initialiazes the buffer to the state as if it was just allocated by silc_buffer_alloc. */ @@ -92,14 +91,4 @@ SilcBuffer silc_buffer_realloc(SilcBuffer sb, unsigned int newsize) return sb_new; } -#endif /* !SILC_DEBUG */ - -/* Prototypes */ -#ifdef SILC_DEBUG -void silc_buffer_clear(SilcBuffer sb); -SilcBuffer silc_buffer_copy(SilcBuffer sb); -SilcBuffer silc_buffer_clone(SilcBuffer sb); -SilcBuffer silc_buffer_realloc(SilcBuffer sb, unsigned int newsize); -#endif - #endif diff --git a/lib/silcutil/silcconfig.c b/lib/silcutil/silcconfig.c index 1cb27bf4..97b48a46 100644 --- a/lib/silcutil/silcconfig.c +++ b/lib/silcutil/silcconfig.c @@ -17,22 +17,7 @@ GNU General Public License for more details. */ -/* - * $Id$ - * $Log$ - * Revision 1.1 2000/09/13 17:45:16 priikone - * Splitted SILC core library. Core library includes now only - * SILC protocol specific stuff. New utility library includes the - * old stuff from core library that is more generic purpose stuff. - * - * Revision 1.2 2000/07/05 06:06:35 priikone - * Global cosmetic change. - * - * Revision 1.1.1.1 2000/06/27 11:36:55 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "silcincludes.h" @@ -70,7 +55,6 @@ int silc_config_get_token(SilcBuffer buffer, char **dest) len = strcspn(buffer->data, ":"); if (len) { *dest = silc_calloc(len + 1, sizeof(char)); - memset(*dest, 0, len + 1); memcpy(*dest, buffer->data, len); } silc_buffer_pull(buffer, len + 1); diff --git a/lib/silcutil/silclog.c b/lib/silcutil/silclog.c index 243ce20e..560b3a5d 100644 --- a/lib/silcutil/silclog.c +++ b/lib/silcutil/silclog.c @@ -147,7 +147,6 @@ void silc_log_output_debug(char *file, char *function, return; } - /* fprintf(stderr, "%s:%s:%d: %s\n", file, function, line, string); */ fprintf(stderr, "%s:%d: %s\n", function, line, string); fflush(stderr); silc_free(string); @@ -175,7 +174,6 @@ void silc_log_output_hexdump(char *file, char *function, return; } - /* fprintf(stderr, "%s:%s:%d: %s\n", file, function, line, string); */ fprintf(stderr, "%s:%d: %s\n", function, line, string); silc_free(string); diff --git a/lib/silcutil/silcmemory.c b/lib/silcutil/silcmemory.c index e5ebae56..2e3f2bee 100644 --- a/lib/silcutil/silcmemory.c +++ b/lib/silcutil/silcmemory.c @@ -17,22 +17,7 @@ GNU General Public License for more details. */ -/* - * $Id$ - * $Log$ - * Revision 1.1 2000/09/13 17:45:16 priikone - * Splitted SILC core library. Core library includes now only - * SILC protocol specific stuff. New utility library includes the - * old stuff from core library that is more generic purpose stuff. - * - * Revision 1.2 2000/07/05 06:05:56 priikone - * Assert if system is out of memory. - * - * Revision 1.1.1.1 2000/06/27 11:36:55 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "silcincludes.h" diff --git a/lib/silcutil/silcnet.c b/lib/silcutil/silcnet.c index d06731d1..428f764c 100644 --- a/lib/silcutil/silcnet.c +++ b/lib/silcutil/silcnet.c @@ -17,31 +17,7 @@ GNU General Public License for more details. */ -/* - * $Id$ - * $Log$ - * Revision 1.3 2000/12/17 13:07:35 priikone - * Added require_reverse_mapping for ServerParams. - * - * Revision 1.2 2000/10/31 19:48:32 priikone - * A LOT updates. Cannot separate. :) - * - * Revision 1.1 2000/09/13 17:45:16 priikone - * Splitted SILC core library. Core library includes now only - * SILC protocol specific stuff. New utility library includes the - * old stuff from core library that is more generic purpose stuff. - * - * Revision 1.3 2000/07/05 06:06:35 priikone - * Global cosmetic change. - * - * Revision 1.2 2000/06/30 10:49:48 priikone - * Added SOCKS4 and SOCKS5 support for SILC client. - * - * Revision 1.1.1.1 2000/06/27 11:36:55 priikone - * Imported from internal CVS/Added Log headers. - * - * - */ +/* $Id$ */ #include "silcincludes.h" #include "silcnet.h" diff --git a/lib/silcutil/silcutil.c b/lib/silcutil/silcutil.c index ea3733de..5511cd06 100644 --- a/lib/silcutil/silcutil.c +++ b/lib/silcutil/silcutil.c @@ -270,7 +270,7 @@ int silc_string_compare(char *string1, char *string2) return FALSE; } -unsigned char pem_enc[64] = +static unsigned char pem_enc[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; /* Encodes data into PEM encoding. Returns NULL terminated PEM encoded @@ -457,7 +457,7 @@ int silc_parse_nickname(char *string, char **nickname, char **server, } if (server) { - *server = silc_calloc(strlen(string) - tlen, sizeof(char)); + *server = silc_calloc((strlen(string) - tlen) + 1, sizeof(char)); memcpy(*server, string + tlen + 1, strlen(string) - tlen - 1); } } else { diff --git a/prepare b/prepare index be4f9e34..4c7b3aba 100755 --- a/prepare +++ b/prepare @@ -1,10 +1,10 @@ #!/bin/sh # -# prepare-clean +# prepare # # Author: Pekka Riikonen # -# Copyright (C) 2000 Pekka Riikonen +# Copyright (C) 2000 - 2001 Pekka Riikonen # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by