From: Giovanni Giacobbi
Date: Sun, 14 Apr 2002 18:13:30 +0000 (+0000)
Subject: fixed crash when bogus payload (auth_data == NULL) was received.
X-Git-Tag: silc.toolkit.0.9~58
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=8bf7b88c801ed119cc67664b0ffb22617125e626
fixed crash when bogus payload (auth_data == NULL) was received. also don't extend the memcmp to memory locations not really allocated.
---
diff --git a/CHANGES b/CHANGES
index 2054572c..7671b248 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+Sun Apr 14 19:49:02 CEST 2002 Johnny Mnemonic
+
+ * Fixed a bug in library where sending a bogus authentication
+ payload would lead to a crash. Affected file is
+ lib/silccore/silcauth.c.
+
 Sat Apr 13 13:09:24 EEST 2002 Pekka Riikonen
 * Added detach_disabled and detach_timeout server config
@@ -6,7 +12,7 @@ Sat Apr 13 13:09:24 EEST 2002 Pekka Riikonen
 Fri Apr 12 20:09:08 EEST 2002 Pekka Riikonen
- Added resolve_cmd_ident field to the SilcClientEntry structure
+ * Added resolve_cmd_ident field to the SilcClientEntry structure
 too so that if the entry is for example being resolved so another command may attach to the same pending command reply without requiring to resolve the same entry again. Added
diff --git a/lib/silccore/silcauth.c b/lib/silccore/silcauth.c
index 2a3f21c9..cab3ae99 100644
--- a/lib/silccore/silcauth.c
+++ b/lib/silccore/silcauth.c
@@ -73,12 +73,6 @@ SilcAuthPayload silc_auth_payload_parse(const unsigned char *data,
 return NULL;
 }
- /* Authentication data must be provided */
- if (newp->auth_len < 1) {
- silc_auth_payload_free(newp);
- return NULL;
- }
-
 /* If password authentication, random data must not be set */
 if (newp->auth_method == SILC_AUTH_PASSWORD && newp->random_len) {
 silc_auth_payload_free(newp);
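Review bot: Dropping the `newp->auth_len < 1` rejection in silc_auth_payload_parse means a parsed payload may now carry no authentication data, so the safety of this change rests on every consumer checking for that itself. The password branch of silc_auth_verify in this commit does test `payload->auth_len == 0`, but the other authentication methods and any other reader of `auth_data` are outside the visible hunks and should be confirmed. If the empty field has to stay legal, leave a comment where the check was, for example `/* auth_len may be 0 here; callers must check it before reading auth_data */`. The function starts and ends outside this hunk.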
@@ -385,7 +379,7 @@ bool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
 {
 SILC_LOG_DEBUG(("Verifying authentication"));
- if (!payload || auth_method != payload->auth_method)
+ if (auth_method != payload->auth_method)
 return FALSE;
 switch (payload->auth_method) {
@@ -397,12 +391,15 @@ bool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
 case SILC_AUTH_PASSWORD:
 /* Passphrase based authentication. The `pkcs', `hash', `id' and `type' arguments are not needed. */
-
- /* Sanity checks */
- if ((payload->auth_len == 0) || !auth_data ||
- payload->auth_len != auth_data_len)
+ /* Carefully check that the auth_data field of the payload is not empty
+ (len=0), which seems to be a legal packet but would crash the
+ application. Maybe such packet should be dropped. -Johnny 2002/14/4 */
+ if ((payload->auth_len == 0) || !auth_data)
 break;
+ /* if lengths mismatch, avoid comparing unallocated memory locations */
+ if (payload->auth_len != auth_data_len)
+ break;
 if (!memcmp(payload->auth_data, auth_data, auth_data_len)) {
 SILC_LOG_DEBUG(("Passphrase Authentication successful"));
 return TRUE;
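Review bot: The rewritten condition `if (auth_method != payload->auth_method)` reads through `payload` without the `!payload` test the removed line had, so a NULL payload now faults at this line instead of returning FALSE. silc_auth_payload_parse returns NULL on failure (visible in the first silcauth.c hunk), so a caller that forwards that result unchecked after a malformed packet would hit this; whether any caller does is not visible here. I would keep the guard: `if (!payload || auth_method != payload->auth_method)`. The body of silc_auth_verify continues outside the hunk.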
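Review bot: The passphrase is still compared with `memcmp(payload->auth_data, auth_data, auth_data_len)`, which may stop at the first differing byte, so the time taken can depend on how much of a guess is correct. Since this hunk already reworks the checks in front of that call, it is a good place to switch to a comparison that always walks all `auth_data_len` bytes and ORs the byte differences together, or at least to record the gap with `/* TODO: memcmp() is not constant-time; use a constant-time compare for the passphrase */`. Both new guards `break` out of the switch, and what follows the switch is outside the hunk, presumably a final `return FALSE`. Separately, the date in the new comment reads `2002/14/4`; `2002/04/14` would be unambiguous.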