From 4519ed70ffbb48c8f92709af462f8499e78f31f3 Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Sat, 16 Dec 2000 15:34:19 +0000 Subject: [PATCH] Implemented version string checking to client and server. --- CHANGES | 6 ++++++ apps/silcd/protocol.c | 18 ++++++++++++++++-- lib/silcclient/protocol.c | 25 +++++++++++++++++++++++-- lib/silcske/silcske.c | 9 ++++++--- 4 files changed, 51 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index dcfec656..426d317c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ +Sat Dec 16 17:39:54 EET 2000 Pekka Riikonen + + * Implemented version string checking to both client and server. + The check is incomplete currently due to the abnormal version + strings used in development version of SILC. + Fri Dec 15 15:55:12 EET 2000 Pekka Riikonen * Changed char *data to unsigned char *data in ID Cache system to diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c index 685b5ab6..fbe1f566 100644 --- a/apps/silcd/protocol.c +++ b/apps/silcd/protocol.c @@ -115,12 +115,26 @@ static void silc_server_protocol_ke_set_keys(SilcSKE ske, sock->user_data = (void *)conn_data; } -/* XXX TODO */ +/* Check remote host version string */ SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version, unsigned int len) { - return SILC_SKE_STATUS_OK; + SilcSKEStatus status = SILC_SKE_STATUS_OK; + + /* Check for initial version string */ + if (!strstr(version, "SILC-1.0-")) + status = SILC_SKE_STATUS_BAD_VERSION; + + /* Check software version */ + + if (len < strlen(silc_version_string)) + status = SILC_SKE_STATUS_BAD_VERSION; + + /* XXX for now there is no other tests due to the abnormal version + string that is used */ + + return status; } /* Performs key exchange protocol. This is used for both initiator diff --git a/lib/silcclient/protocol.c b/lib/silcclient/protocol.c index bd52fcc5..fe7a3544 100644 --- a/lib/silcclient/protocol.c +++ b/lib/silcclient/protocol.c 
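Review bot: The prefix test in the new silc_ske_check_version in apps/silcd/protocol.c uses `strstr(version, "SILC-1.0-")`, which ignores `len` and matches the marker anywhere in the string. A peer string that merely contains the marker therefore passes the check commented as "initial version string", and the scan only stops at a NUL that the sender controls. Whether the payload decoder always NUL-terminates `version` is not visible in this patch, so the comparison should be bounded by the supplied length, e.g. `if (len < 9 || memcmp(version, "SILC-1.0-", 9) != 0) status = SILC_SKE_STATUS_BAD_VERSION;`. The client copy in lib/silcclient/protocol.c carries the same test and needs the same change. Because this runs on pre-authentication input, a log line on rejection in silcd would also let operators see malformed or probing peers.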
@@ -119,12 +119,32 @@ static void silc_client_protocol_ke_set_keys(SilcSKE ske, silc_hmac_set_key(conn->hmac, keymat->hmac_key, keymat->hmac_key_len); } -/* XXX TODO */ +/* Checks the version string of the server. */ SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version, unsigned int len) { - return SILC_SKE_STATUS_OK; + SilcSocketConnection conn = (SilcSocketConnection)ske->sock->user_data; + SilcClient client = (SilcClient)ske->user_data; + SilcSKEStatus status = SILC_SKE_STATUS_OK; + + /* Check for initial version string */ + if (!strstr(version, "SILC-1.0-")) + status = SILC_SKE_STATUS_BAD_VERSION; + + /* Check software version */ + + if (len < strlen(silc_version_string)) + status = SILC_SKE_STATUS_BAD_VERSION; + + /* XXX for now there is no other tests due to the abnormal version + string that is used */ + + if (status != SILC_SKE_STATUS_OK) + client->ops->say(client, conn, + "We don't support server version `%s'", version); + + return status; } /* Performs key exchange protocol. This is used for both initiator @@ -156,6 +176,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) ske = silc_ske_alloc(); ctx->ske = ske; ske->rng = client->rng; + ske->user_data = (void *)client; if (ctx->responder == TRUE) { #if 0 diff --git a/lib/silcske/silcske.c b/lib/silcske/silcske.c index 0dac0633..34c4c167 100644 --- a/lib/silcske/silcske.c +++ b/lib/silcske/silcske.c @@ -775,6 +775,7 @@ silc_ske_select_security_properties(SilcSKE ske, SilcSKEStartPayload *payload, SilcSKEStartPayload *remote_payload) { + SilcSKEStatus status; SilcSKEStartPayload *rp; char *cp; int len; @@ -783,6 +784,11 @@ silc_ske_select_security_properties(SilcSKE ske, rp = remote_payload; + /* Check version string */ + status = silc_ske_check_version(ske, rp->version, rp->version_len); + if (status != SILC_SKE_STATUS_OK) + return status; + /* Flags are returned unchanged. */ payload->flags = rp->flags; 
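Review bot: On rejection the client hands the server-supplied `version` to `client->ops->say` with `%s`, so bytes chosen by an unauthenticated server reach the user's display unbounded and unfiltered. Assuming say() is printf-style (its definition is outside this patch), at least bound the output with `"%.*s", (int)len, version`. Preferably also replace non-printable bytes before showing it, so a hostile server can neither inject control sequences nor rely on a missing terminator. The function also dereferences `ske->sock->user_data`, while the only field this patch sets is `ske->user_data` (next hunk), so a comment stating where `ske->sock` is assigned before the key exchange starts would help.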
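Review bot: In the silcske.c hunk at -783, `rp->version` goes straight into silc_ske_check_version, and both implementations added in this patch call strstr() on it. If the decoder leaves the pointer unset for an absent version field, that is a NULL dereference; the decoder is not shown, so this is an assumption to confirm. A guard before the call, `if (!rp->version || !rp->version_len) return SILC_SKE_STATUS_BAD_VERSION;`, keeps the failure a clean protocol error. The rest of silc_ske_select_security_properties lies outside the hunk, so also confirm that its callers release `payload` on this new early-return path.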
@@ -791,9 +797,6 @@ silc_ske_select_security_properties(SilcSKE ske, payload->cookie_len = SILC_SKE_COOKIE_LEN; memcpy(payload->cookie, rp->cookie, SILC_SKE_COOKIE_LEN); - /* Check version string */ - silc_ske_check_version(ske, rp->version, rp->version_len); - /* Put our version to our reply */ payload->version = strdup(version); payload->version_len = strlen(version); -- 2.24.0