fix: compare sensitive data with sodium_memcmp

fix: make increment_nonce & increment_nonce_number independent of user-controlled input fix: make crypto_core more stable agains null ptr dereference
author: Roman Proskuryakov <humbug@deeptown.org> 2016-01-24 19:16:40 +0300
committer: Roman Proskuryakov <humbug@deeptown.org> 2016-01-27 02:14:59 +0300
commit: ed3a794c9bf6380801ee21c816505f457b6a1348 (patch)
tree: 14e1b8fa1c8c1b7f45b08bae5e0b6169054c3751 /toxcore/DHT.c
parent: 61f8e65c0157049ac26bf9b081ba6842d7defdeb (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/toxcore/DHT.c b/toxcore/DHT.c
index 052b74ff..51f1e5ba 100644
--- a/toxcore/DHT.c
+++ b/toxcore/DHT.c
@@ -126,7 +126,7 @@ void get_shared_key(Shared_Keys *shared_keys, uint8_t *shared_key, const uint8_t
        int index = public_key[30] * MAX_KEYS_PER_SLOT + i;
        if (shared_keys->keys[index].stored) {
-            if (memcmp(public_key, shared_keys->keys[index].public_key, crypto_box_PUBLICKEYBYTES) == 0) {
+            if (public_key_cmp(public_key, shared_keys->keys[index].public_key) == 0) {
                memcpy(shared_key, shared_keys->keys[index].shared_key, crypto_box_BEFORENMBYTES);
                ++shared_keys->keys[index].times_requested;
                shared_keys->keys[index].time_last_requested = unix_time();
@@ -844,7 +844,7 @@ static _Bool is_pk_in_client_list(Client_data *list, unsigned int client_list_le
    for (i = 0; i < client_list_length; ++i) {
        if ((ip_port.ip.family == AF_INET && !is_timeout(list[i].assoc4.timestamp, BAD_NODE_TIMEOUT))
                || (ip_port.ip.family == AF_INET6 && !is_timeout(list[i].assoc6.timestamp, BAD_NODE_TIMEOUT))) {
-            if (memcmp(list[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) {
+            if (public_key_cmp(list[i].public_key, public_key) == 0) {
                return 1;
            }
        }
@@ -944,7 +944,7 @@ int addto_lists(DHT *dht, IP_Port ip_port, const uint8_t *public_key)
                DHT_Friend *friend = &dht->friends_list[i];
-                if (memcmp(public_key, friend->public_key, crypto_box_PUBLICKEYBYTES) == 0) {
+                if (public_key_cmp(public_key, friend->public_key) == 0) {
                    friend_foundip = friend;
                }
@@ -953,7 +953,7 @@ int addto_lists(DHT *dht, IP_Port ip_port, const uint8_t *public_key)
        } else {
            DHT_Friend *friend = &dht->friends_list[i];
-            if (memcmp(public_key, friend->public_key, crypto_box_PUBLICKEYBYTES) == 0) {
+            if (public_key_cmp(public_key, friend->public_key) == 0) {
                friend_foundip = friend;
            }
@@ -1212,7 +1212,7 @@ static uint8_t sent_getnode_to_node(DHT *dht, const uint8_t *public_key, IP_Port
    Node_format test;
    memcpy(&test, data, sizeof(Node_format));
-    if (!ipport_equal(&test.ip_port, &node_ip_port) || memcmp(test.public_key, public_key, crypto_box_PUBLICKEYBYTES) != 0)
+    if (!ipport_equal(&test.ip_port, &node_ip_port) || public_key_cmp(test.public_key, public_key) != 0)
        return 0;
    return 1;
@@ -2081,7 +2081,7 @@ static IPPTsPng *get_closelist_IPPTsPng(DHT *dht, const uint8_t *public_key, sa_
    uint32_t i;
    for (i = 0; i < LCLIENT_LIST; ++i) {
-        if (memcmp(dht->close_clientlist[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) != 0)
+        if (public_key_cmp(dht->close_clientlist[i].public_key, public_key) != 0)
            continue;
        if (sa_family == AF_INET)
@@ -2178,7 +2178,7 @@ static int handle_hardening(void *object, IP_Port source, const uint8_t *source_
            if (is_timeout(temp->hardening.send_nodes_timestamp, HARDENING_INTERVAL))
                return 1;
-            if (memcmp(temp->hardening.send_nodes_pingedid, source_pubkey, crypto_box_PUBLICKEYBYTES) != 0)
+            if (public_key_cmp(temp->hardening.send_nodes_pingedid, source_pubkey) != 0)
                return 1;
            /* If Nodes look good and the request checks out */
@@ -2351,7 +2351,7 @@ static int cryptopacket_handle(void *object, IP_Port source, const uint8_t *pack
                length > MAX_CRYPTO_REQUEST_SIZE + crypto_box_MACBYTES)
            return 1;
-        if (memcmp(packet + 1, dht->self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { // Check if request is for us.
+        if (public_key_cmp(packet + 1, dht->self_public_key) == 0) { // Check if request is for us.
            uint8_t public_key[crypto_box_PUBLICKEYBYTES];
            uint8_t data[MAX_CRYPTO_REQUEST_SIZE];
            uint8_t number;
author	Roman Proskuryakov <humbug@deeptown.org>	2016-01-24 19:16:40 +0300
committer	Roman Proskuryakov <humbug@deeptown.org>	2016-01-27 02:14:59 +0300
commit	ed3a794c9bf6380801ee21c816505f457b6a1348 (patch)
tree	14e1b8fa1c8c1b7f45b08bae5e0b6169054c3751 /toxcore/DHT.c
parent	61f8e65c0157049ac26bf9b081ba6842d7defdeb (diff)

diff --git a/toxcore/DHT.c b/toxcore/DHT.c index 052b74ff..51f1e5ba 100644 --- a/toxcore/DHT.c +++ b/toxcore/DHT.c
@@ -126,7 +126,7 @@ void get_shared_key(Shared_Keys shared_keys, uint8_t shared_key, const uint8_t
126	int index = public_key[30] * MAX_KEYS_PER_SLOT + i;	126	int index = public_key[30] * MAX_KEYS_PER_SLOT + i;
127		127
128	if (shared_keys->keys[index].stored) {	128	if (shared_keys->keys[index].stored) {
129	if (memcmp(public_key, shared_keys->keys[index].public_key, crypto_box_PUBLICKEYBYTES) == 0) {	129	if (public_key_cmp(public_key, shared_keys->keys[index].public_key) == 0) {
130	memcpy(shared_key, shared_keys->keys[index].shared_key, crypto_box_BEFORENMBYTES);	130	memcpy(shared_key, shared_keys->keys[index].shared_key, crypto_box_BEFORENMBYTES);
131	++shared_keys->keys[index].times_requested;	131	++shared_keys->keys[index].times_requested;
132	shared_keys->keys[index].time_last_requested = unix_time();	132	shared_keys->keys[index].time_last_requested = unix_time();
@@ -844,7 +844,7 @@ static _Bool is_pk_in_client_list(Client_data *list, unsigned int client_list_le
844	for (i = 0; i < client_list_length; ++i) {	844	for (i = 0; i < client_list_length; ++i) {
845	if ((ip_port.ip.family == AF_INET && !is_timeout(list[i].assoc4.timestamp, BAD_NODE_TIMEOUT))	845	if ((ip_port.ip.family == AF_INET && !is_timeout(list[i].assoc4.timestamp, BAD_NODE_TIMEOUT))
846	\|\| (ip_port.ip.family == AF_INET6 && !is_timeout(list[i].assoc6.timestamp, BAD_NODE_TIMEOUT))) {	846	\|\| (ip_port.ip.family == AF_INET6 && !is_timeout(list[i].assoc6.timestamp, BAD_NODE_TIMEOUT))) {
847	if (memcmp(list[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) {	847	if (public_key_cmp(list[i].public_key, public_key) == 0) {
848	return 1;	848	return 1;
849	}	849	}
850	}	850	}
@@ -944,7 +944,7 @@ int addto_lists(DHT dht, IP_Port ip_port, const uint8_t public_key)
944		944
945	DHT_Friend *friend = &dht->friends_list[i];	945	DHT_Friend *friend = &dht->friends_list[i];
946		946
947	if (memcmp(public_key, friend->public_key, crypto_box_PUBLICKEYBYTES) == 0) {	947	if (public_key_cmp(public_key, friend->public_key) == 0) {
948	friend_foundip = friend;	948	friend_foundip = friend;
949	}	949	}
950		950
@@ -953,7 +953,7 @@ int addto_lists(DHT dht, IP_Port ip_port, const uint8_t public_key)
953	} else {	953	} else {
954	DHT_Friend *friend = &dht->friends_list[i];	954	DHT_Friend *friend = &dht->friends_list[i];
955		955
956	if (memcmp(public_key, friend->public_key, crypto_box_PUBLICKEYBYTES) == 0) {	956	if (public_key_cmp(public_key, friend->public_key) == 0) {
957	friend_foundip = friend;	957	friend_foundip = friend;
958	}	958	}
959		959
@@ -1212,7 +1212,7 @@ static uint8_t sent_getnode_to_node(DHT dht, const uint8_t public_key, IP_Port
1212	Node_format test;	1212	Node_format test;
1213	memcpy(&test, data, sizeof(Node_format));	1213	memcpy(&test, data, sizeof(Node_format));
1214		1214
1215	if (!ipport_equal(&test.ip_port, &node_ip_port) \|\| memcmp(test.public_key, public_key, crypto_box_PUBLICKEYBYTES) != 0)	1215	if (!ipport_equal(&test.ip_port, &node_ip_port) \|\| public_key_cmp(test.public_key, public_key) != 0)
1216	return 0;	1216	return 0;
1217		1217
1218	return 1;	1218	return 1;
@@ -2081,7 +2081,7 @@ static IPPTsPng get_closelist_IPPTsPng(DHT dht, const uint8_t *public_key, sa_
2081	uint32_t i;	2081	uint32_t i;
2082		2082
2083	for (i = 0; i < LCLIENT_LIST; ++i) {	2083	for (i = 0; i < LCLIENT_LIST; ++i) {
2084	if (memcmp(dht->close_clientlist[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) != 0)	2084	if (public_key_cmp(dht->close_clientlist[i].public_key, public_key) != 0)
2085	continue;	2085	continue;
2086		2086
2087	if (sa_family == AF_INET)	2087	if (sa_family == AF_INET)
@@ -2178,7 +2178,7 @@ static int handle_hardening(void object, IP_Port source, const uint8_t source_
2178	if (is_timeout(temp->hardening.send_nodes_timestamp, HARDENING_INTERVAL))	2178	if (is_timeout(temp->hardening.send_nodes_timestamp, HARDENING_INTERVAL))
2179	return 1;	2179	return 1;
2180		2180
2181	if (memcmp(temp->hardening.send_nodes_pingedid, source_pubkey, crypto_box_PUBLICKEYBYTES) != 0)	2181	if (public_key_cmp(temp->hardening.send_nodes_pingedid, source_pubkey) != 0)
2182	return 1;	2182	return 1;
2183		2183
2184	/* If Nodes look good and the request checks out */	2184	/* If Nodes look good and the request checks out */
@@ -2351,7 +2351,7 @@ static int cryptopacket_handle(void object, IP_Port source, const uint8_t pack
2351	length > MAX_CRYPTO_REQUEST_SIZE + crypto_box_MACBYTES)	2351	length > MAX_CRYPTO_REQUEST_SIZE + crypto_box_MACBYTES)
2352	return 1;	2352	return 1;
2353		2353
2354	if (memcmp(packet + 1, dht->self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { // Check if request is for us.	2354	if (public_key_cmp(packet + 1, dht->self_public_key) == 0) { // Check if request is for us.
2355	uint8_t public_key[crypto_box_PUBLICKEYBYTES];	2355	uint8_t public_key[crypto_box_PUBLICKEYBYTES];
2356	uint8_t data[MAX_CRYPTO_REQUEST_SIZE];	2356	uint8_t data[MAX_CRYPTO_REQUEST_SIZE];
2357	uint8_t number;	2357	uint8_t number;