From: Pekka Riikonen <priikone@silcnet.org>
Date: Thu, 26 Sep 2002 11:50:26 +0000 (+0000)
Subject: 	If packet processing fails (like integrity check fails etc) the
X-Git-Tag: silc.client.0.9.6~73
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=98b63457f2e02fbba39bd8fa1e87b64fea40d5ff

	If packet processing fails (like integrity check fails etc) the
	connection is closed.
---

diff --git a/apps/silcd/server.c b/apps/silcd/server.c
index 6c8156c0..81ff0769 100644
--- a/apps/silcd/server.c
+++ b/apps/silcd/server.c
@@ -2233,15 +2233,8 @@ SILC_TASK_CALLBACK(silc_server_packet_process)
 			            TRUE : FALSE, cipher, hmac, sequence,
 			            silc_server_packet_parse, server);
 
-  /* If this socket connection is not authenticated yet and the packet
-     processing failed we will drop the connection since it can be
-     a malicious flooder. */
-  if (sock->type == SILC_SOCKET_TYPE_UNKNOWN && ret == FALSE &&
-      (!sock->protocol || sock->protocol->protocol->type ==
-       SILC_PROTOCOL_SERVER_KEY_EXCHANGE)) {
-    SILC_LOG_DEBUG(("Bad data sent from unknown connection %d", sock->sock));
-    SILC_SET_DISCONNECTING(sock);
-
+  /* If processing failed the connection is closed. */
+  if (!ret) {
     if (sock->user_data)
       silc_server_free_sock_user_data(server, sock, NULL);
     silc_server_close_connection(server, sock);
diff --git a/lib/silccore/silcpacket.c b/lib/silccore/silcpacket.c
index 56312006..b2fad174 100644
--- a/lib/silccore/silcpacket.c
+++ b/lib/silccore/silcpacket.c
@@ -333,7 +333,7 @@ bool silc_packet_receive_process(SilcSocketConnection sock,
 
     /* Sanity checks */
     if (packetlen < SILC_PACKET_MIN_LEN) {
-      SILC_LOG_DEBUG(("Received invalid packet, dropped"));
+      SILC_LOG_ERROR(("Received invalid packet, dropped"));
       silc_buffer_clear(sock->inbuf);
       return FALSE;
     }
@@ -395,6 +395,7 @@ bool silc_packet_receive_process(SilcSocketConnection sock,
 			   sock->type == SILC_SOCKET_TYPE_CLIENT ? "Client" :
 			   sock->type == SILC_SOCKET_TYPE_SERVER ? "Server" :
 			   "Router")));
+	return FALSE;
       }
 
     /* Pull the packet from inbuf thus we'll get the next one
@@ -463,7 +464,7 @@ static int silc_packet_decrypt_rest(SilcCipher cipher, SilcHmac hmac,
       if ((buffer->len - silc_hmac_len(hmac)) > SILC_PACKET_MIN_LEN) {
 	silc_buffer_push_tail(buffer, silc_hmac_len(hmac));
       } else {
-	SILC_LOG_DEBUG(("Bad MAC length in packet, packet dropped"));
+	SILC_LOG_ERROR(("Bad MAC length in packet, packet dropped"));
 	return FALSE;
       }
     }
@@ -502,7 +503,7 @@ static int silc_packet_decrypt_rest_special(SilcCipher cipher,
       if ((buffer->len - silc_hmac_len(hmac)) > SILC_PACKET_MIN_LEN) {
 	silc_buffer_push_tail(buffer, silc_hmac_len(hmac));
       } else {
-	SILC_LOG_DEBUG(("Bad MAC length in packet, packet dropped"));
+	SILC_LOG_ERROR(("Bad MAC length in packet, packet dropped"));
 	return FALSE;
       }
     }
@@ -517,7 +518,7 @@ static int silc_packet_decrypt_rest_special(SilcCipher cipher,
 
     silc_buffer_pull(buffer, SILC_PACKET_MIN_HEADER_LEN);
     if (len > buffer->len) {
-      SILC_LOG_DEBUG(("Garbage in header of packet, bad packet length, "
+      SILC_LOG_ERROR(("Garbage in header of packet, bad packet length, "
 		      "packet dropped"));
       return FALSE;
     }