j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Check return value of EVP_* functions, and check if length before en/decryption

Browse source 
matches that after in meta.c.
This commit is contained in:
Guus Sliepen 2003-10-10 16:24:24 +00:00
parent 9d2bf718f2
commit b0dd705a26
2 changed files with 41 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/meta.c
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: meta.c,v 1.1.2.44 2003/08/28 21:05:10 guus Exp $
$Id: meta.c,v 1.1.2.45 2003/10/10 16:24:24 guus Exp $
*/
#include "system.h"
@ -46,7 +46,11 @@ bool send_meta(connection_t *c, const char *buffer, int length)
c->name, c->hostname);
if(c->status.encryptout) {
EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length);
result = EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length);
if(!result || outlen != length) {
logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL));
return false;
}
bufp = outbuf;
length = outlen;
} else
@ -89,8 +93,8 @@ void broadcast_meta(connection_t *from, const char *buffer, int length)
bool receive_meta(connection_t *c)
{
int oldlen, i;
int lenin, reqlen;
int oldlen, i, result;
int lenin, lenout, reqlen;
bool decrypted = false;
char inbuf[MAXBUFSIZE];
@ -123,11 +127,15 @@ bool receive_meta(connection_t *c)
oldlen = c->buflen;
c->buflen += lenin;
while(lenin) {
while(lenin > 0) {
/* Decrypt */
if(c->status.decryptin && !decrypted) {
EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, lenin);
result = EVP_DecryptUpdate(c->inctx, inbuf, &lenout, c->buffer + oldlen, lenin);
if(!result || lenout != lenin) {
logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL));
return false;
}
memcpy(c->buffer + oldlen, inbuf, lenin);
decrypted = true;
}

41
src/net_packet.c
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: net_packet.c,v 1.1.2.41 2003/09/23 20:59:01 guus Exp $
$Id: net_packet.c,v 1.1.2.42 2003/10/10 16:24:24 guus Exp $
*/
#include "system.h"
@ -114,7 +114,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
vpn_packet_t *outpkt = pkt[0];
int outlen, outpad;
char hmac[EVP_MAX_MD_SIZE];
int i;
int i, result;
cp();
@ -145,12 +145,18 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
if(myself->cipher) {
outpkt = pkt[nextpkt++];
// EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key,
// myself->key + myself->cipher->key_len);
EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL);
EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
(char *) &inpkt->seqno, inpkt->len);
EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
if(!EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
(char *) &inpkt->seqno, inpkt->len)) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
return;
}
if(!EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
return;
}
outpkt->len = outlen + outpad;
inpkt = outpkt;
@ -189,8 +195,8 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
outpkt = pkt[nextpkt++];
if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, myself->compression)) < 0) {
logger(LOG_ERR, _("Error while uncompressing packet from %s (%s)"),
n->name, n->hostname);
ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while uncompressing packet from %s (%s)"),
n->name, n->hostname);
return;
}
@ -264,7 +270,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt)
outpkt = pkt[nextpkt++];
if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->compression)) < 0) {
logger(LOG_ERR, _("Error while compressing packet to %s (%s)"),
ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while compressing packet to %s (%s)"),
n->name, n->hostname);
return;
}
@ -282,11 +288,18 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt)
if(n->cipher) {
outpkt = pkt[nextpkt++];
// EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len);
EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL);
EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
(char *) &inpkt->seqno, inpkt->len);
EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
if(!EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
(char *) &inpkt->seqno, inpkt->len)) {
ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
return;
}
if(!EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
return;
}
outpkt->len = outlen + outpad;
inpkt = outpkt;