From 98b63457f2e02fbba39bd8fa1e87b64fea40d5ff Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Thu, 26 Sep 2002 11:50:26 +0000 Subject: [PATCH] If packet processing fails (like integrity check fails etc) the connection is closed. --- apps/silcd/server.c | 11 ++--------- lib/silccore/silcpacket.c | 9 +++++---- 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/apps/silcd/server.c b/apps/silcd/server.c index 6c8156c0..81ff0769 100644 --- a/apps/silcd/server.c +++ b/apps/silcd/server.c @@ -2233,15 +2233,8 @@ SILC_TASK_CALLBACK(silc_server_packet_process) TRUE : FALSE, cipher, hmac, sequence, silc_server_packet_parse, server); - /* If this socket connection is not authenticated yet and the packet - processing failed we will drop the connection since it can be - a malicious flooder. */ - if (sock->type == SILC_SOCKET_TYPE_UNKNOWN && ret == FALSE && - (!sock->protocol || sock->protocol->protocol->type == - SILC_PROTOCOL_SERVER_KEY_EXCHANGE)) { - SILC_LOG_DEBUG(("Bad data sent from unknown connection %d", sock->sock)); - SILC_SET_DISCONNECTING(sock); - + /* If processing failed the connection is closed. */ + if (!ret) { if (sock->user_data) silc_server_free_sock_user_data(server, sock, NULL); silc_server_close_connection(server, sock); diff --git a/lib/silccore/silcpacket.c b/lib/silccore/silcpacket.c index 56312006..b2fad174 100644 --- a/lib/silccore/silcpacket.c +++ b/lib/silccore/silcpacket.c @@ -333,7 +333,7 @@ bool silc_packet_receive_process(SilcSocketConnection sock, /* Sanity checks */ if (packetlen < SILC_PACKET_MIN_LEN) { - SILC_LOG_DEBUG(("Received invalid packet, dropped")); + SILC_LOG_ERROR(("Received invalid packet, dropped")); silc_buffer_clear(sock->inbuf); return FALSE; } @@ -395,6 +395,7 @@ bool silc_packet_receive_process(SilcSocketConnection sock, sock->type == SILC_SOCKET_TYPE_CLIENT ? "Client" : sock->type == SILC_SOCKET_TYPE_SERVER ? "Server" : "Router"))); + return FALSE; } /* Pull the packet from inbuf thus we'll get the next one @@ -463,7 +464,7 @@ static int silc_packet_decrypt_rest(SilcCipher cipher, SilcHmac hmac, if ((buffer->len - silc_hmac_len(hmac)) > SILC_PACKET_MIN_LEN) { silc_buffer_push_tail(buffer, silc_hmac_len(hmac)); } else { - SILC_LOG_DEBUG(("Bad MAC length in packet, packet dropped")); + SILC_LOG_ERROR(("Bad MAC length in packet, packet dropped")); return FALSE; } } @@ -502,7 +503,7 @@ static int silc_packet_decrypt_rest_special(SilcCipher cipher, if ((buffer->len - silc_hmac_len(hmac)) > SILC_PACKET_MIN_LEN) { silc_buffer_push_tail(buffer, silc_hmac_len(hmac)); } else { - SILC_LOG_DEBUG(("Bad MAC length in packet, packet dropped")); + SILC_LOG_ERROR(("Bad MAC length in packet, packet dropped")); return FALSE; } } @@ -517,7 +518,7 @@ static int silc_packet_decrypt_rest_special(SilcCipher cipher, silc_buffer_pull(buffer, SILC_PACKET_MIN_HEADER_LEN); if (len > buffer->len) { - SILC_LOG_DEBUG(("Garbage in header of packet, bad packet length, " + SILC_LOG_ERROR(("Garbage in header of packet, bad packet length, " "packet dropped")); return FALSE; } -- 2.24.0