From 8645fe960ed671b77cbf5688d03ce5576c3e38ea Mon Sep 17 00:00:00 2001 From: Giovanni Giacobbi Date: Sun, 14 Apr 2002 18:42:59 +0000 Subject: [PATCH] fixed crash when bogus payload (auth_data == NULL) was received. also don't extend the memcmp to memory locations not really allocated. --- CHANGES | 6 ++++++ lib/silccore/silcauth.c | 11 ++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index baec17fa..844cc1d5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ +Sun Apr 14 20:41:28 CEST 2002 Johnny Mnemonic + + * Fixed a bug in library where sending a bogus authentication + payload would lead to a crash. Affected file is + lib/silccore/silcauth.c. + Mon Apr 8 19:57:40 CEST 2002 Johnny Mnemonic * Added config parse status SILC_CONFIG_EPRINTLINE, this status diff --git a/lib/silccore/silcauth.c b/lib/silccore/silcauth.c index 6e73a9f4..73da5404 100644 --- a/lib/silccore/silcauth.c +++ b/lib/silccore/silcauth.c @@ -369,8 +369,17 @@ bool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method, case SILC_AUTH_PASSWORD: /* Passphrase based authentication. The `pkcs', `hash', `id' and `type' arguments are not needed. */ + /* Carefully check that the auth_data field of the payload is not empty + (len=0), which seems to be a legal packet but would crash the + application. Maybe such packet should be dropped. -Johnny 2002/14/4 */ + if ((payload->auth_len == 0) || !auth_data) + break; + + /* if lengths mismatch, avoid comparing unallocated memory locations */ + if (payload->auth_len != auth_data_len) + break; if (!memcmp(payload->auth_data, auth_data, auth_data_len)) { - SILC_LOG_DEBUG(("Authentication successful")); + SILC_LOG_DEBUG(("Passphrase Authentication successful")); return TRUE; } break; -- 2.24.0
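Review bot: The new guard in the SILC_AUTH_PASSWORD case tests `payload->auth_len` and the caller's `auth_data`, but never `payload->auth_data` itself, which is the pointer the commit subject describes as NULL in the bogus payload. Whether the payload parser can leave that pointer NULL alongside a non-zero length is not visible here, so the check is safer written as `if (!payload->auth_data || payload->auth_len == 0 || !auth_data) break;`. The passphrase is still compared with `memcmp`, which may stop at the first differing byte and so take input-dependent time; a comparison that ORs together the XOR of every byte pair and tests the accumulated value once would avoid that. Both rejection paths `break` without a debug message, so a short log line or comment saying why the payload was refused would help when reading the failure handling after the switch, which, like the rest of silc_auth_verify, lies outside this hunk.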