updates.

diff --git a/CHANGES b/CHANGES
index dd539bb1caee06c083c46ec2b056dd59517e0a43..3a53dc287d1e4050f5ae486e60e33e6d01457396 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,21 @@
+Sat Mar 16 22:39:23 EET 2002  Pekka Riikonen <priikone@silcnet.org>
+
+       * Check for unauthenticated client and server in the
+         silc_server_new_client and silc_server_new_server functions.
+         Affected file silcd/packet_receive.c.
+
+       * Added function silc_string_is_ascii to check whether given
+         string is 7-bit ASCII string.  Affected files are
+         lib/silcutil/silcutil.[ch].
+
+       * Added function silc_id_is_valid_server_id into the
+         silcd/serverid.c and added checking for valid Server ID's in
+         silc_server_new_server.  The Server ID must always be based
+         on the server's public IP address.
+
+       * Added logging of DISCONNECT packet message in the server.
+         Affected file silcd/server.c.
+

 Sat Mar 16 18:04:30 EET 2002  Pekka Riikonen <priikone@silcnet.org>
 
        * Changed all library interfaces that use Global RNG to also
 Sat Mar 16 18:04:30 EET 2002  Pekka Riikonen <priikone@silcnet.org>
 
        * Changed all library interfaces that use Global RNG to also

diff --git a/TODO b/TODO
index e186dfc584de31803b53a85414cee9ae5375d4e5..57226a956fe2ca34f894e581e2ebc70896626272 100644 (file)
--- a/TODO
+++ b/TODO
@@ -189,3 +189,8 @@ describe new stuff to be added to protocol versions 1.x.
 
  13. Add the killer's client ID to the KILLED notify.  To be included in 
      protocol version 1.1.
 
  13. Add the killer's client ID to the KILLED notify.  To be included in 
      protocol version 1.1.

+
+ 14. The length of Arguments Num field in Notify Payload and Command
+     Payload enforces that total of 256 arguments can be associated
+     to a such payload.  However, command-xx draft specified much higher
+     values, and these should be fixed.

diff --git a/apps/silcd/packet_receive.c b/apps/silcd/packet_receive.c
index 1bc8b853832deea7b0ee4ea27b390aa7e7143442..d3191d01ac30c0ae242c78cb0fa55236e26a77b4 100644 (file)
--- a/apps/silcd/packet_receive.c
+++ b/apps/silcd/packet_receive.c
@@ -1540,9 +1540,9 @@ SilcClientEntry silc_server_new_client(SilcServer server,
 
   /* Remove the old cache entry. */
   if (!silc_idcache_del_by_context(server->local_list->clients, client)) {
 
   /* Remove the old cache entry. */
   if (!silc_idcache_del_by_context(server->local_list->clients, client)) {

-    SILC_LOG_ERROR(("Lost client's cache entry - report a bug"));
+    SILC_LOG_INFO(("Unauthenticated client attempted to register to network"));

     silc_server_disconnect_remote(server, sock, "Server closed connection: "
     silc_server_disconnect_remote(server, sock, "Server closed connection: "

-                                  "Unknown client");
+                                  "You have not been authenticated");

     return NULL;
   }
 
     return NULL;
   }
 


@@ -1796,7 +1796,15 @@ SilcServerEntry silc_server_new_server(SilcServer server,
 
   /* Remove the old cache entry */
   if (!silc_idcache_del_by_context(server->local_list->servers, new_server)) {
 
   /* Remove the old cache entry */
   if (!silc_idcache_del_by_context(server->local_list->servers, new_server)) {

-    silc_idcache_del_by_context(server->global_list->servers, new_server);
+    if (!silc_idcache_del_by_context(server->global_list->servers, 
+                                    new_server)) {
+      SILC_LOG_INFO(("Unauthenticated %s attempted to register to "
+                    "network", (sock->type == SILC_SOCKET_TYPE_SERVER ?
+                                "server" : "router")));
+      silc_server_disconnect_remote(server, sock, "Server closed connection: "
+                                   "You have not been authenticated");
+      return NULL;
+    }

     local = FALSE;
   }
 
     local = FALSE;
   }
 


@@ -1832,6 +1840,16 @@ SilcServerEntry silc_server_new_server(SilcServer server,
   }
   silc_free(id_string);
 
   }
   silc_free(id_string);
 

+  /* Check for valid server ID */
+  if (!silc_id_is_valid_server_id(server, server_id, sock)) {
+    SILC_LOG_INFO(("Invalid server ID sent by %s (%s)",
+                  sock->ip, sock->hostname));
+    silc_server_disconnect_remote(server, sock, "Server closed connection: "
+                                 "Your Server ID is not valid");
+    silc_free(server_name);
+    return NULL;
+  }
+

   /* Check that we do not have this ID already */
   server_entry = silc_idlist_find_server_by_id(server->local_list, 
                                               server_id, TRUE, NULL);
   /* Check that we do not have this ID already */
   server_entry = silc_idlist_find_server_by_id(server->local_list, 
                                               server_id, TRUE, NULL);

diff --git a/apps/silcd/server.c b/apps/silcd/server.c
index c00001d9db9be0968ac02a3c3aa562a1371fa459..dec04e2663c8f485fa0bc59fa1edf18f923175ff 100644 (file)
--- a/apps/silcd/server.c
+++ b/apps/silcd/server.c
@@ -1876,6 +1876,12 @@ void silc_server_packet_parse_type(SilcServer server,
     SILC_LOG_DEBUG(("Disconnect packet"));
     if (packet->flags & SILC_PACKET_FLAG_LIST)
       break;
     SILC_LOG_DEBUG(("Disconnect packet"));
     if (packet->flags & SILC_PACKET_FLAG_LIST)
       break;

+    if (silc_string_is_ascii(packet->buffer->data, packet->buffer->len)) {
+      /* Duplicate to null terminate the string. */
+      char *message = silc_memdup(packet->buffer->data, packet->buffer->len);
+      SILC_LOG_ERROR(("%s", message));
+      silc_free(message);
+    }

     break;
 
   case SILC_PACKET_SUCCESS:
     break;
 
   case SILC_PACKET_SUCCESS:

diff --git a/apps/silcd/serverid.c b/apps/silcd/serverid.c
index 3f2c65914e37cb678f0ac783fd9a4c8de57fc762..f26630edb30a68b69cf181acef9697530d605246 100644 (file)
--- a/apps/silcd/serverid.c
+++ b/apps/silcd/serverid.c
@@ -142,3 +142,26 @@ bool silc_id_create_channel_id(SilcServer server,
 
   return TRUE;
 }
 
   return TRUE;
 }

+
+/* Checks whether the `server_id' is valid.  It must be based to the
+   IP address provided in the `remote' socket connection. */
+
+bool silc_id_is_valid_server_id(SilcServer server,
+                               SilcServerID *server_id,
+                               SilcSocketConnection remote)
+{
+  unsigned char ip[16];
+
+  if (!silc_net_addr2bin(remote->ip, ip, sizeof(ip)))
+    return FALSE;
+
+  if (silc_net_is_ip4(remote->ip)) {
+    if (!memcmp(server_id->ip.data, ip, 4))
+      return TRUE;
+  } else {
+    if (!memcmp(server_id->ip.data, ip, 16))
+      return TRUE;
+  }
+
+  return FALSE;
+}

diff --git a/apps/silcd/serverid.h b/apps/silcd/serverid.h
index 2beb4b64ed0ffd7dd5202aba210e2c007586f8a2..3512cc88150e8745494a605d85c197d4283c7b08 100644 (file)
--- a/apps/silcd/serverid.h
+++ b/apps/silcd/serverid.h
@@ -31,5 +31,8 @@ bool silc_id_create_client_id(SilcServer server,
 bool silc_id_create_channel_id(SilcServer server,
                               SilcServerID *router_id, SilcRng rng,
                               SilcChannelID **new_id);
 bool silc_id_create_channel_id(SilcServer server,
                               SilcServerID *router_id, SilcRng rng,
                               SilcChannelID **new_id);

+bool silc_id_is_valid_server_id(SilcServer server,
+                               SilcServerID *server_id,
+                               SilcSocketConnection remote);

 
 #endif
 
 #endif

diff --git a/lib/silccrypt/silchash.c b/lib/silccrypt/silchash.c
index 138ba09c8f14f2c0dc2e73717a63ce2bec7180c3..4ec2a925d0f39ca68134695c7a61beb5b8e4157f 100644 (file)
--- a/lib/silccrypt/silchash.c
+++ b/lib/silccrypt/silchash.c
@@ -160,6 +160,7 @@ bool silc_hash_alloc(const unsigned char *name, SilcHash *new_hash)
     (*new_hash)->hash = entry;
     (*new_hash)->context = silc_calloc(1, entry->context_len());
     (*new_hash)->make_hash = silc_hash_make;
     (*new_hash)->hash = entry;
     (*new_hash)->context = silc_calloc(1, entry->context_len());
     (*new_hash)->make_hash = silc_hash_make;

+    return TRUE;

   }
 
   return FALSE;
   }
 
   return FALSE;

diff --git a/lib/silcutil/silcutil.c b/lib/silcutil/silcutil.c
index 47427023d84128fe52e00c80af23880bda994313..6ef7c57651805a6d0b6c5e0088e3fc915e1a931d 100644 (file)
--- a/lib/silcutil/silcutil.c
+++ b/lib/silcutil/silcutil.c
@@ -845,3 +845,17 @@ char *silc_fingerprint(const unsigned char *data, SilcUInt32 data_len)
   
   return strdup(fingerprint);
 }
   
   return strdup(fingerprint);
 }

+
+/* Return TRUE if the `data' is ASCII string. */
+
+bool silc_string_is_ascii(const unsigned char *data, SilcUInt32 data_len)
+{
+  int i;
+
+  for (i = 0; i < data_len; i++) {
+    if (!isascii(data[i]))
+      return FALSE;
+  }
+
+  return TRUE;
+}

diff --git a/lib/silcutil/silcutil.h b/lib/silcutil/silcutil.h
index 2f79f2600f197f48f1f61239ae39ad2431c91afa..2d6fa7f31a3b0f3c78a37eb76a4374a767699703 100644 (file)
--- a/lib/silcutil/silcutil.h
+++ b/lib/silcutil/silcutil.h
@@ -61,5 +61,6 @@ char *silc_client_chumode(SilcUInt32 mode);
 char *silc_client_chumode_char(SilcUInt32 mode);
 int silc_gettimeofday(struct timeval *p);
 char *silc_fingerprint(const unsigned char *data, SilcUInt32 data_len);
 char *silc_client_chumode_char(SilcUInt32 mode);
 int silc_gettimeofday(struct timeval *p);
 char *silc_fingerprint(const unsigned char *data, SilcUInt32 data_len);

+bool silc_string_is_ascii(const unsigned char *data, SilcUInt32 data_len);

 
 #endif
 
 #endif