From d28dece937f522c31590933627364f7ea189141c Mon Sep 17 00:00:00 2001 From: thorkill Date: Tue, 17 May 2016 11:12:55 +0200 Subject: [PATCH] Proper length validation in handle_incoming_slpd_packet - refactor and cleanup of unused variables --- src/net_packet.c | 27 ++++++++++++++++----------- src/net_setup.c | 12 +++++++++--- 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/src/net_packet.c b/src/net_packet.c index 8a3bf9df..6c165792 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -1515,7 +1515,7 @@ skip_harder: send_mtu_info(myself, n, MTU); } -static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, struct sockaddr_in6 *addr) { +static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, struct sockaddr_in6 *addr, size_t datalen) { int mav, miv, port; char nodename[MAXSIZE], fng[MAXSIZE]; @@ -1523,15 +1523,16 @@ static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, struct s char addrstr[INET6_ADDRSTRLEN]; inet_ntop(AF_INET6, &addr->sin6_addr, addrstr, sizeof(addrstr)); - int i = sscanf(pkt, "sLPD %d %d %s %d %s", &mav, &miv, &nodename[0], &port, &fng[0]); + int i = sscanf(pkt, "sLPD %d %d %s %d %86s", &mav, &miv, &nodename[0], &port, &fng[0]); if (i != 5) { logger(DEBUG_ALWAYS, LOG_ERR, "cant not parse packet... %d from %s", i, addrstr); return; } - if (mav == 0 && miv <= 2) { + fng[86] = '\00'; - logger(DEBUG_TRAFFIC, LOG_ERR, "Got SLPD packet node:%s port:%d %d.%d <%s> from %s", nodename, port, mav, miv, fng, addrstr); + if (mav == 0 && miv <= 2) { + logger(DEBUG_TRAFFIC, LOG_ERR, "Got SLPD packet node:%s port:%d %d.%d <%s> from %s (len: %d)", nodename, port, mav, miv, fng, addrstr, datalen); node_t *n = lookup_node(nodename); if (!n) { 
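Review bot: The new `size_t datalen` parameter has no documentation, and its meaning is not the same as the `strlen(pkt)` it replaces later in the function: one is the byte count of the received datagram, the other stops at the first NUL, and the `datalen-86-1` arithmetic in a later hunk depends on which one the caller passes. State the contract at the signature, e.g. `/* datalen: number of bytes received into pkt (excludes any terminator); pkt must still be NUL-terminated by the caller because it is parsed with sscanf() */`. The function body continues in the following hunks.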
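Review bot: `datalen` is a `size_t` but the new logger call prints it with `%d`; if logger() forwards a printf-style format this is a type mismatch (undefined behaviour, and garbage output where size_t is wider than int) — use `%zu`: `"... from %s (len: %zu)", nodename, port, mav, miv, fng, addrstr, datalen);`. The `%86s` conversion already stores a terminator, so the added `fng[86] = '\00';` changes nothing; what is missing is a check that the field is actually 86 characters, since `b64decode(fng, &sig, 86)` in the next hunk consumes 86 bytes whatever was parsed: `if (strlen(fng) != 86) { logger(DEBUG_ALWAYS, LOG_ERR, "bad signature length from %s", addrstr); return; }`. The `%s` for nodename stays unbounded; that is safe only while pkt is known to be shorter than MAXSIZE, which this hunk does not show. handle_incoming_slpd_packet continues into the following hunks.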
@@ -1539,17 +1540,21 @@ static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, struct s return; } - node_read_ecdsa_public_key(n); + if (!n->ecdsa) + node_read_ecdsa_public_key(n); char sig[64]; - int v; - size_t nlen = strlen(pkt); + char b64sig[255]; + memset(&sig, 0x0, 64); + memset(&b64sig, 0x0, 255); + if (miv >= 2) { if (b64decode(fng, &sig, 86) != 64) { logger(DEBUG_ALWAYS, LOG_ERR, "b64decode() failed!"); return; } - if (!ecdsa_verify(n->ecdsa, pkt, nlen-86-1, sig)) { + + if (!ecdsa_verify(n->ecdsa, pkt, datalen-86-1, sig)) { logger(DEBUG_ALWAYS, LOG_ERR, "Signature verification for SLPD from <%s> failed!", addrstr); return; } @@ -1562,8 +1567,8 @@ static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, struct s config_t *cfg = NULL; if (!n->slpd_address) { - char iface_name[255]; - char fullhost[255]; + char iface_name[255] = { 0 }; + char fullhost[255] = { 0 }; if_indextoname(addr->sin6_scope_id, &iface_name); @@ -1660,7 +1665,7 @@ void handle_incoming_slpd_data(void *data, int flags) { return; } - handle_incoming_slpd_packet(ls, &pkt, &addr); + handle_incoming_slpd_packet(ls, &pkt, &addr, len); } diff --git a/src/net_setup.c b/src/net_setup.c index 436e77fe..6a30774b 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -407,11 +407,16 @@ void send_slpd_broadcast(char *iface) { char signature[87]; char b64sig[255]; char pkt[MAXSIZE]; - int public_key = node_read_ecdsa_public_key(myself); - char *private_key; - private_key = read_ecdsa_private_key(); + if (!node_read_ecdsa_public_key(myself)) { + logger(DEBUG_ALWAYS, LOG_ERR, "Can not load public key for SLPD"); + return; + } + if (!read_ecdsa_private_key()) { + logger(DEBUG_ALWAYS, LOG_ERR, "Can not load private key for SLPD"); + return; + } slpd_msg[MAXSIZE-1] = '\00'; ecdsa_sign(myself->connection->ecdsa, slpd_msg, strlen(slpd_msg), &signature); if (b64encode(signature, &b64sig, 64) != 86) { 
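Review bot: `datalen-86-1` in the new `ecdsa_verify()` call is unsigned `size_t` arithmetic, so any packet shorter than 87 bytes wraps to a huge length and `ecdsa_verify()` reads far past `pkt` — the signed path still has no lower bound on the length, which is what the commit title sets out to add. Reject short input before decoding: `if (datalen < 87) { logger(DEBUG_ALWAYS, LOG_ERR, "SLPD packet too short from <%s>", addrstr); return; }`. The new `if (!n->ecdsa) node_read_ecdsa_public_key(n);` ignores the result although the same commit checks it in send_slpd_broadcast; on failure `n->ecdsa` stays NULL and is handed to `ecdsa_verify()`, so write `if (!n->ecdsa && !node_read_ecdsa_public_key(n)) { logger(DEBUG_ALWAYS, LOG_ERR, "no public key for %s", nodename); return; }`. `b64sig` is only memset here and, if nothing later in the function reads it, is exactly the kind of unused variable the commit message says it removes; `memset(sig, 0, sizeof sig)` would also read better than `memset(&sig, 0x0, 64)`. The `miv < 2` case, which is pre-existing, accepts the packet with no signature check at all, so the sender-chosen version field decides whether verification runs — worth a comment if that is intended; the function starts in the preceding hunk and continues past this one.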
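Review bot: Zero-initialising `iface_name` makes a failed `if_indextoname()` (zero or unknown `sin6_scope_id`) yield an empty interface name silently rather than an uninitialised one, and its return value is still unchecked. Test it before `fullhost` is built from the name: `if (!if_indextoname(addr->sin6_scope_id, iface_name)) { logger(DEBUG_ALWAYS, LOG_ERR, "unknown scope id %u from %s", (unsigned)addr->sin6_scope_id, addrstr); return; }`. Dropping the `&` at the same time is deliberate: `&iface_name` has type `char (*)[255]`, not the `char *` the prototype takes, even though the address is the same. The rest of this block is outside the hunk.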
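Review bot: `len` is now passed as the `size_t datalen` parameter, but its declaration and the check guarding the preceding `return;` are outside the hunk; if it is the `ssize_t` result of recvfrom(), a negative value converts to SIZE_MAX here, so confirm that `len < 0` is rejected before this call. The callee runs `sscanf()` on `pkt`, so this call site should also say who guarantees the terminator, e.g. `/* pkt must be NUL-terminated within its buffer; len is the raw datagram length */` — if that is not already done above, `pkt[len] = '\0'` (with `len < sizeof pkt` checked) belongs before this line. handle_incoming_slpd_data starts before this hunk.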
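Review bot: `read_ecdsa_private_key()` is now called purely for its truth value and the result is discarded; the old code bound it to `char *private_key`, so if it returns a freshly allocated key it leaks on every broadcast, and nothing in the hunk uses it — `ecdsa_sign()` signs with `myself->connection->ecdsa`, whose loading is not visible here. Either keep the handle and release it after signing, or replace the call with a check on the object that `ecdsa_sign()` actually uses, `if (!myself->connection->ecdsa) { logger(DEBUG_ALWAYS, LOG_ERR, "Can not load private key for SLPD"); return; }`; the function's contract is outside the hunk so I am hedging on which. The two new early returns are leak-free only if `sd` and `mcast_addr` are acquired later in the function than these declarations — the next hunk closes `sd` at the end, and where it is opened is not shown. send_slpd_broadcast continues past this hunk.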
@@ -425,6 +430,7 @@ void send_slpd_broadcast(char *iface) { if (sendto(sd, pkt, strlen(pkt), 0, mcast_addr->ai_addr, mcast_addr->ai_addrlen) != strlen(pkt) ) { logger(DEBUG_ALWAYS, LOG_ERR, "SLPD send() error: [%s:%d]", strerror(errno), errno); } + close(sd); return; }
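Review bot: `close(sd);` now releases the socket on the normal path, but if `mcast_addr` comes from getaddrinfo() (its `ai_addr`/`ai_addrlen` fields suggest so) the matching `freeaddrinfo(mcast_addr);` is still missing, and any `return` between the socket's creation and this line — including the two added in the previous hunk if they come after it — bypasses the close. A single exit path avoids both: `out: if (sd >= 0) close(sd); if (mcast_addr) freeaddrinfo(mcast_addr);` with `goto out;` on the error branches — where `sd` and `mcast_addr` are created is outside the hunk, so adjust accordingly. The message `SLPD send() error` names send() while the call is sendto(); trivial, but it is what a reader will grep for. The start of send_slpd_broadcast is outside this hunk.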