j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Revert Martin Kihlgren's patch, it doesn't work the way it should.

Browse source
This commit is contained in:
Guus Sliepen 2004-03-20 22:23:42 +00:00
parent 27c304940a
commit af86a3226e
6 changed files with 40 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

63
src/net_packet.c
View file

@ -54,7 +54,6 @@
int keylifetime = 0;
int keyexpires = 0;
bool strictsource = true;
EVP_CIPHER_CTX packet_ctx;
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
@ -168,25 +167,6 @@ static void receive_packet(node_t *n, vpn_packet_t *packet)
route(n, packet);
}
static bool authenticate_udppacket(node_t *n, vpn_packet_t *inpkt) {
char hmac[EVP_MAX_MD_SIZE];
if(inpkt->len < sizeof(inpkt->seqno) + (myself->digest ? myself->maclength : 0))
return false;
/* Check the message authentication code */
if(myself->digest && myself->maclength) {
HMAC(myself->digest, myself->key, myself->keylength,
(char *) &inpkt->seqno, inpkt->len - myself->maclength, hmac, NULL);
if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - myself->maclength, myself->maclength))
return false;
}
return true;
}
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
{
vpn_packet_t pkt1, pkt2;
@ -194,17 +174,32 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
int nextpkt = 0;
vpn_packet_t *outpkt = pkt[0];
int outlen, outpad;
char hmac[EVP_MAX_MD_SIZE];
int i;
cp();
if(!authenticate_udppacket(n, inpkt)) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
n->name, n->hostname);
/* Check packet length */
if(inpkt->len < sizeof(inpkt->seqno) + myself->maclength) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got too short packet from %s (%s)"),
n->name, n->hostname);
return;
}
inpkt->len -= myself->digest ? myself->maclength : 0;
/* Check the message authentication code */
if(myself->digest && myself->maclength) {
inpkt->len -= myself->maclength;
HMAC(myself->digest, myself->key, myself->keylength,
(char *) &inpkt->seqno, inpkt->len, hmac, NULL);
if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
n->name, n->hostname);
return;
}
}
/* Decrypt the packet */
@ -488,7 +483,6 @@ void handle_incoming_vpn_data(int sock)
sockaddr_t from;
socklen_t fromlen = sizeof(from);
node_t *n;
static time_t lasttime = 0;
cp();
@ -503,25 +497,10 @@ void handle_incoming_vpn_data(int sock)
n = lookup_node_udp(&from);
if(!n && !strictsource && myself->digest && myself->maclength && lasttime != now) {
avl_node_t *node;
lasttime = now;
for(node = node_tree->head; node; node = node->next) {
n = node->data;
if(authenticate_udppacket(n, &pkt)) {
update_node_address(n, &from);
logger(LOG_DEBUG, _("Updated address of node %s to %s"), n->name, n->hostname);
break;
}
}
}
if(!n) {
hostname = sockaddr2hostname(&from);
logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname);
logger(LOG_WARNING, _("Received UDP packet from unknown source %s"),
hostname);
free(hostname);
return;
}