From: Pekka Riikonen Date: Thu, 20 Dec 2001 15:24:15 +0000 (+0000) Subject: updates X-Git-Tag: silc.server.0.7.3~7 X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=e50e549b600925afc90f47133a1c86b8a9f34bb0 updates --- diff --git a/CHANGES b/CHANGES index 2ffe0ed5..e0ca47c1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,14 @@ +Thu Dec 20 16:14:52 CET 2001 Pekka Riikonen + + * The silc_packet_receive_process now returns FALSE if the + read data was invalid packet, and TRUE if it was ok. + + The server now checks that if unauthenticated connection + sends data and its processing fails the server will close + the connection since it could be a malicious flooder. + + Affected files lib/silccore/silcpacket.[ch], silcd/server.c. + Wed Dec 19 21:31:25 EET 2001 Pekka Riikonen * Make sure the warning about error opening a log file is diff --git a/apps/silcd/server.c b/apps/silcd/server.c index d6a4d4e2..add682ce 100644 --- a/apps/silcd/server.c +++ b/apps/silcd/server.c 
@@ -1592,9 +1592,23 @@ SILC_TASK_CALLBACK(silc_server_packet_process) /* Process the packet. This will call the parser that will then decrypt and parse the packet. */ - silc_packet_receive_process(sock, server->server_type == SILC_ROUTER ? - TRUE : FALSE, cipher, hmac, sequence, - silc_server_packet_parse, server); + ret = silc_packet_receive_process(sock, server->server_type == SILC_ROUTER ? + TRUE : FALSE, cipher, hmac, sequence, + silc_server_packet_parse, server); + + /* If this socket connection is not authenticated yet and the packet + processing failed we will drop the connection since it can be + a malicious flooder. */ + if (sock->type == SILC_SOCKET_TYPE_UNKNOWN && ret == FALSE && + (!sock->protocol || sock->protocol->protocol->type == + SILC_PROTOCOL_SERVER_KEY_EXCHANGE)) { + SILC_LOG_DEBUG(("Bad data sent from unknown connection %d", sock->sock)); + SILC_SET_DISCONNECTING(sock); + + if (sock->user_data) + silc_server_free_sock_user_data(server, sock); + silc_server_close_connection(server, sock); + } } /* Parses whole packet, received earlier. */ diff --git a/lib/silccore/silcpacket.c b/lib/silccore/silcpacket.c index 6d6c0747..19068286 100644 --- a/lib/silccore/silcpacket.c +++ b/lib/silccore/silcpacket.c @@ -323,7 +323,7 @@ int silc_packet_receive(SilcSocketConnection sock) SilcPacketParserContext will indicate also whether the received packet was normal or special packet. */ -void silc_packet_receive_process(SilcSocketConnection sock, +bool silc_packet_receive_process(SilcSocketConnection sock, bool local_is_router, SilcCipher cipher, SilcHmac hmac, uint32 sequence, @@ -336,10 +336,10 @@ void silc_packet_receive_process(SilcSocketConnection sock, /* Do not process for disconnected connection */ if (SILC_IS_DISCONNECTED(sock)) - return; - + return TRUE; + if (sock->inbuf->len < SILC_PACKET_MIN_HEADER_LEN) - return; + return TRUE; if (hmac) mac_len = silc_hmac_len(hmac); 
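Review bot: The new drop path in silc_server_packet_process records the event only through `SILC_LOG_DEBUG` and identifies the peer by descriptor number, so outside a debug build there is presumably no record that an unauthenticated connection was closed for sending bad data. Since the added comment itself names a possible flooder, the event belongs in the normal log, for example `SILC_LOG_WARNING(("Bad data from unauthenticated connection %d, closing", sock->sock));`, ideally with the remote address if the socket structure carries one. The check also reads `sock->type` and `sock->protocol` after the parser callback has already run on this socket. If that callback can close or free the connection, the block should be skipped for a socket that is already disconnecting; this needs confirming against silc_server_packet_parse, which is outside the hunk. The function starts outside the hunk, so the declaration of `ret` is not visible here.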
@@ -349,7 +349,7 @@ void silc_packet_receive_process(SilcSocketConnection sock, if (sock->inbuf->len < SILC_PACKET_MIN_HEADER_LEN) { SILC_LOG_DEBUG(("Partial packet in queue, waiting for the rest")); - return; + return TRUE; } /* Decrypt first 16 bytes of the packet */ @@ -364,14 +364,14 @@ void silc_packet_receive_process(SilcSocketConnection sock, if (packetlen < SILC_PACKET_MIN_LEN) { SILC_LOG_DEBUG(("Received invalid packet, dropped")); silc_buffer_clear(sock->inbuf); - return; + return FALSE; } if (sock->inbuf->len < paddedlen + mac_len) { SILC_LOG_DEBUG(("Received partial packet, waiting for the rest" "(%d < %d)", sock->inbuf->len, paddedlen + mac_len)); SILC_SET_INBUF_PENDING(sock); - return; + return TRUE; } SILC_UNSET_INBUF_PENDING(sock); @@ -433,10 +433,11 @@ void silc_packet_receive_process(SilcSocketConnection sock, } if (cont == FALSE && sock->inbuf->len > 0) - return; + return TRUE; SILC_LOG_DEBUG(("Clearing inbound buffer")); silc_buffer_clear(sock->inbuf); + return TRUE; } /* Checks MAC in the packet. Returns TRUE if MAC is Ok. This is called diff --git a/lib/silccore/silcpacket.h b/lib/silccore/silcpacket.h index 3bfd897f..54d6bc16 100644 --- a/lib/silccore/silcpacket.h +++ b/lib/silccore/silcpacket.h @@ -503,7 +503,7 @@ int silc_packet_receive(SilcSocketConnection sock); * * SYNOPSIS * - * void silc_packet_receive_process(SilcSocketConnection sock, + * bool silc_packet_receive_process(SilcSocketConnection sock, * bool local_is_router, * SilcCipher cipher, SilcHmac hmac, * SilcPacketParserCallback parser, @@ -525,7 +525,7 @@ int silc_packet_receive(SilcSocketConnection sock); * packet was normal or special packet. * ***/ -void silc_packet_receive_process(SilcSocketConnection sock, +bool silc_packet_receive_process(SilcSocketConnection sock, bool local_is_router, SilcCipher cipher, SilcHmac hmac, uint32 sequence, diff --git a/scripts/silcdoc/silcdoc b/scripts/silcdoc/silcdoc index b03eacb3..66f0c040 100755 --- a/scripts/silcdoc/silcdoc 
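Review bot: In the hunk at -364, `return FALSE` is reached only when the decoded length is below `SILC_PACKET_MIN_LEN`, and the hunk at -433 returns TRUE regardless of what the parser callback left in `cont`. That makes the result narrower than the CHANGES entry's "FALSE if the read data was invalid packet". The new check in server.c will therefore close an unauthenticated connection only for an undersized length field; whether MAC or decryption failures are reported some other way cannot be told from these hunks. At minimum the contract should be stated above the function, e.g. `/* Returns FALSE only if the packet length field is below SILC_PACKET_MIN_LEN; the parser callback's result is not propagated. */`. The function body between the hunks is not shown.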
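Review bot: The SYNOPSIS block in silcpacket.h now shows the `bool` return type, but the visible part of the comment does not say what TRUE and FALSE mean. The synopsis parameter list also omits `uint32 sequence`, which the prototype below it takes. A caller reading the generated reference would not learn that FALSE is the signal the server uses to drop an unauthenticated peer. I would add `uint32 sequence,` after the `SilcCipher cipher, SilcHmac hmac,` line of the synopsis, and a DESCRIPTION sentence such as `Returns FALSE if the received data was not a valid packet, TRUE otherwise.` The rest of the comment lies outside the hunk, so an existing description of the return value cannot be ruled out.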
+++ b/scripts/silcdoc/silcdoc @@ -35,6 +35,13 @@ ROBO=$4 # Get all headers in the source directory headers=`find $SRC -name "silc*.h"` +# +# ASCII documentation +# +if [ "$TYPE" = "ASCII" ]; then + +fi + # # HTML documentation # @@ -58,7 +65,7 @@ if [ "$TYPE" = "HTML" ]; then do n=`grep $k $i |cut -d= -f2 |cut -d: -f2` echo "
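Review bot: The ASCII branch added in the first silcdoc hunk, `if [ "$TYPE" = "ASCII" ]; then` followed directly by `fi`, has an empty body, which POSIX shells reject as a syntax error. The script would stop at that point and the HTML branch after it would never run. A placeholder command keeps the stub valid until the branch is implemented: `  : # ASCII output not implemented yet`. The collapsed layout of this page hides exactly what sits between `then` and `fi`, but no command is visible there.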
  • $n" >>$DST/$fname.links - echo "   > $n
    " >>$DST/index.tmpl + echo "    $n
    " >>$DST/index.tmpl done done