From 098d426793c8db0fa5b5c8d12722923871c8cabc Mon Sep 17 00:00:00 2001
From: Pekka Riikonen <priikone@silcnet.org>
Date: Sat, 16 Mar 2002 21:07:57 +0000
Subject: [PATCH] 	updates.

---
 CHANGES                     | 18 ++++++++++++++++++
 TODO                        |  5 +++++
 apps/silcd/packet_receive.c | 24 +++++++++++++++++++++---
 apps/silcd/server.c         |  6 ++++++
 apps/silcd/serverid.c       | 23 +++++++++++++++++++++++
 apps/silcd/serverid.h       |  3 +++
 lib/silccrypt/silchash.c    |  1 +
 lib/silcutil/silcutil.c     | 14 ++++++++++++++
 lib/silcutil/silcutil.h     |  1 +
 9 files changed, 92 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index dd539bb1..3a53dc28 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,21 @@
+Sat Mar 16 22:39:23 EET 2002  Pekka Riikonen <priikone@silcnet.org>
+
+	* Check for unauthenticated client and server in the
+	  silc_server_new_client and silc_server_new_server functions.
+	  Affected file silcd/packet_receive.c.
+
+	* Added function silc_string_is_ascii to check whether given
+	  string is 7-bit ASCII string.  Affected files are
+	  lib/silcutil/silcutil.[ch].
+
+	* Added function silc_id_is_valid_server_id into the
+	  silcd/serverid.c and added checking for valid Server ID's in
+	  silc_server_new_server.  The Server ID must always be based
+	  on the server's public IP address.
+
+	* Added logging of DISCONNECT packet message in the server.
+	  Affected file silcd/server.c.
+
 Sat Mar 16 18:04:30 EET 2002  Pekka Riikonen <priikone@silcnet.org>
 
 	* Changed all library interfaces that use Global RNG to also
diff --git a/TODO b/TODO
index e186dfc5..57226a95 100644
--- a/TODO
+++ b/TODO
@@ -189,3 +189,8 @@ describe new stuff to be added to protocol versions 1.x.
 
  13. Add the killer's client ID to the KILLED notify.  To be included in 
      protocol version 1.1.
+
+ 14. The length of Arguments Num field in Notify Payload and Command
+     Payload enforces that total of 256 arguments can be associated
+     to a such payload.  However, command-xx draft specified much higher
+     values, and these should be fixed.
diff --git a/apps/silcd/packet_receive.c b/apps/silcd/packet_receive.c
index 1bc8b853..d3191d01 100644
--- a/apps/silcd/packet_receive.c
+++ b/apps/silcd/packet_receive.c
@@ -1540,9 +1540,9 @@ SilcClientEntry silc_server_new_client(SilcServer server,
 
   /* Remove the old cache entry. */
   if (!silc_idcache_del_by_context(server->local_list->clients, client)) {
-    SILC_LOG_ERROR(("Lost client's cache entry - report a bug"));
+    SILC_LOG_INFO(("Unauthenticated client attempted to register to network"));
     silc_server_disconnect_remote(server, sock, "Server closed connection: "
-                                  "Unknown client");
+                                  "You have not been authenticated");
     return NULL;
   }
 
@@ -1796,7 +1796,15 @@ SilcServerEntry silc_server_new_server(SilcServer server,
 
   /* Remove the old cache entry */
   if (!silc_idcache_del_by_context(server->local_list->servers, new_server)) {
-    silc_idcache_del_by_context(server->global_list->servers, new_server);
+    if (!silc_idcache_del_by_context(server->global_list->servers, 
+				     new_server)) {
+      SILC_LOG_INFO(("Unauthenticated %s attempted to register to "
+		     "network", (sock->type == SILC_SOCKET_TYPE_SERVER ?
+				 "server" : "router")));
+      silc_server_disconnect_remote(server, sock, "Server closed connection: "
+				    "You have not been authenticated");
+      return NULL;
+    }
     local = FALSE;
   }
 
@@ -1832,6 +1840,16 @@ SilcServerEntry silc_server_new_server(SilcServer server,
   }
   silc_free(id_string);
 
+  /* Check for valid server ID */
+  if (!silc_id_is_valid_server_id(server, server_id, sock)) {
+    SILC_LOG_INFO(("Invalid server ID sent by %s (%s)",
+		   sock->ip, sock->hostname));
+    silc_server_disconnect_remote(server, sock, "Server closed connection: "
+				  "Your Server ID is not valid");
+    silc_free(server_name);
+    return NULL;
+  }
+
   /* Check that we do not have this ID already */
   server_entry = silc_idlist_find_server_by_id(server->local_list, 
 					       server_id, TRUE, NULL);
diff --git a/apps/silcd/server.c b/apps/silcd/server.c
index c00001d9..dec04e26 100644
--- a/apps/silcd/server.c
+++ b/apps/silcd/server.c
@@ -1876,6 +1876,12 @@ void silc_server_packet_parse_type(SilcServer server,
     SILC_LOG_DEBUG(("Disconnect packet"));
     if (packet->flags & SILC_PACKET_FLAG_LIST)
       break;
+    if (silc_string_is_ascii(packet->buffer->data, packet->buffer->len)) {
+      /* Duplicate to null terminate the string. */
+      char *message = silc_memdup(packet->buffer->data, packet->buffer->len);
+      SILC_LOG_ERROR(("%s", message));
+      silc_free(message);
+    }
     break;
 
   case SILC_PACKET_SUCCESS:
diff --git a/apps/silcd/serverid.c b/apps/silcd/serverid.c
index 3f2c6591..f26630ed 100644
--- a/apps/silcd/serverid.c
+++ b/apps/silcd/serverid.c
@@ -142,3 +142,26 @@ bool silc_id_create_channel_id(SilcServer server,
 
   return TRUE;
 }
+
+/* Checks whether the `server_id' is valid.  It must be based to the
+   IP address provided in the `remote' socket connection. */
+
+bool silc_id_is_valid_server_id(SilcServer server,
+				SilcServerID *server_id,
+				SilcSocketConnection remote)
+{
+  unsigned char ip[16];
+
+  if (!silc_net_addr2bin(remote->ip, ip, sizeof(ip)))
+    return FALSE;
+
+  if (silc_net_is_ip4(remote->ip)) {
+    if (!memcmp(server_id->ip.data, ip, 4))
+      return TRUE;
+  } else {
+    if (!memcmp(server_id->ip.data, ip, 16))
+      return TRUE;
+  }
+
+  return FALSE;
+}
diff --git a/apps/silcd/serverid.h b/apps/silcd/serverid.h
index 2beb4b64..3512cc88 100644
--- a/apps/silcd/serverid.h
+++ b/apps/silcd/serverid.h
@@ -31,5 +31,8 @@ bool silc_id_create_client_id(SilcServer server,
 bool silc_id_create_channel_id(SilcServer server,
 			       SilcServerID *router_id, SilcRng rng,
 			       SilcChannelID **new_id);
+bool silc_id_is_valid_server_id(SilcServer server,
+				SilcServerID *server_id,
+				SilcSocketConnection remote);
 
 #endif
diff --git a/lib/silccrypt/silchash.c b/lib/silccrypt/silchash.c
index 138ba09c..4ec2a925 100644
--- a/lib/silccrypt/silchash.c
+++ b/lib/silccrypt/silchash.c
@@ -160,6 +160,7 @@ bool silc_hash_alloc(const unsigned char *name, SilcHash *new_hash)
     (*new_hash)->hash = entry;
     (*new_hash)->context = silc_calloc(1, entry->context_len());
     (*new_hash)->make_hash = silc_hash_make;
+    return TRUE;
   }
 
   return FALSE;
diff --git a/lib/silcutil/silcutil.c b/lib/silcutil/silcutil.c
index 47427023..6ef7c576 100644
--- a/lib/silcutil/silcutil.c
+++ b/lib/silcutil/silcutil.c
@@ -845,3 +845,17 @@ char *silc_fingerprint(const unsigned char *data, SilcUInt32 data_len)
   
   return strdup(fingerprint);
 }
+
+/* Return TRUE if the `data' is ASCII string. */
+
+bool silc_string_is_ascii(const unsigned char *data, SilcUInt32 data_len)
+{
+  int i;
+
+  for (i = 0; i < data_len; i++) {
+    if (!isascii(data[i]))
+      return FALSE;
+  }
+
+  return TRUE;
+}
diff --git a/lib/silcutil/silcutil.h b/lib/silcutil/silcutil.h
index 2f79f260..2d6fa7f3 100644
--- a/lib/silcutil/silcutil.h
+++ b/lib/silcutil/silcutil.h
@@ -61,5 +61,6 @@ char *silc_client_chumode(SilcUInt32 mode);
 char *silc_client_chumode_char(SilcUInt32 mode);
 int silc_gettimeofday(struct timeval *p);
 char *silc_fingerprint(const unsigned char *data, SilcUInt32 data_len);
+bool silc_string_is_ascii(const unsigned char *data, SilcUInt32 data_len);
 
 #endif
-- 
2.24.0