diff options
| author | Roman Proskuryakov <humbug@deeptown.org> | 2016-01-24 19:16:40 +0300 |
|---|---|---|
| committer | Roman Proskuryakov <humbug@deeptown.org> | 2016-01-27 02:14:59 +0300 |
| commit | ed3a794c9bf6380801ee21c816505f457b6a1348 (patch) | |
| tree | 14e1b8fa1c8c1b7f45b08bae5e0b6169054c3751 /toxcore/friend_connection.c | |
| parent | 61f8e65c0157049ac26bf9b081ba6842d7defdeb (diff) | |
fix: compare sensitive data with sodium_memcmp
fix: make increment_nonce & increment_nonce_number independent of user-controlled input
fix: make crypto_core more stable agains null ptr dereference
Diffstat (limited to 'toxcore/friend_connection.c')
| -rw-r--r-- | toxcore/friend_connection.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/toxcore/friend_connection.c b/toxcore/friend_connection.c index 04deaf81..e7c8432b 100644 --- a/toxcore/friend_connection.c +++ b/toxcore/friend_connection.c | |||
| @@ -138,7 +138,7 @@ int getfriend_conn_id_pk(Friend_Connections *fr_c, const uint8_t *real_pk) | |||
| 138 | Friend_Conn *friend_con = get_conn(fr_c, i); | 138 | Friend_Conn *friend_con = get_conn(fr_c, i); |
| 139 | 139 | ||
| 140 | if (friend_con) { | 140 | if (friend_con) { |
| 141 | if (memcmp(friend_con->real_public_key, real_pk, crypto_box_PUBLICKEYBYTES) == 0) | 141 | if (public_key_cmp(friend_con->real_public_key, real_pk) == 0) |
| 142 | return i; | 142 | return i; |
| 143 | } | 143 | } |
| 144 | } | 144 | } |
| @@ -159,7 +159,7 @@ int friend_add_tcp_relay(Friend_Connections *fr_c, int friendcon_id, IP_Port ip_ | |||
| 159 | return -1; | 159 | return -1; |
| 160 | 160 | ||
| 161 | /* Local ip and same pk means that they are hosting a TCP relay. */ | 161 | /* Local ip and same pk means that they are hosting a TCP relay. */ |
| 162 | if (Local_ip(ip_port.ip) && memcmp(friend_con->dht_temp_pk, public_key, crypto_box_PUBLICKEYBYTES) == 0) { | 162 | if (Local_ip(ip_port.ip) && public_key_cmp(friend_con->dht_temp_pk, public_key) == 0) { |
| 163 | if (friend_con->dht_ip_port.ip.family != 0) { | 163 | if (friend_con->dht_ip_port.ip.family != 0) { |
| 164 | ip_port.ip = friend_con->dht_ip_port.ip; | 164 | ip_port.ip = friend_con->dht_ip_port.ip; |
| 165 | } else { | 165 | } else { |
| @@ -173,7 +173,7 @@ int friend_add_tcp_relay(Friend_Connections *fr_c, int friendcon_id, IP_Port ip_ | |||
| 173 | 173 | ||
| 174 | for (i = 0; i < FRIEND_MAX_STORED_TCP_RELAYS; ++i) { | 174 | for (i = 0; i < FRIEND_MAX_STORED_TCP_RELAYS; ++i) { |
| 175 | if (friend_con->tcp_relays[i].ip_port.ip.family != 0 | 175 | if (friend_con->tcp_relays[i].ip_port.ip.family != 0 |
| 176 | && memcmp(friend_con->tcp_relays[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { | 176 | && public_key_cmp(friend_con->tcp_relays[i].public_key, public_key) == 0) { |
| 177 | memset(&friend_con->tcp_relays[i], 0, sizeof(Node_format)); | 177 | memset(&friend_con->tcp_relays[i], 0, sizeof(Node_format)); |
| 178 | } | 178 | } |
| 179 | } | 179 | } |
| @@ -356,7 +356,7 @@ static void dht_pk_callback(void *object, int32_t number, const uint8_t *dht_pub | |||
| 356 | if (!friend_con) | 356 | if (!friend_con) |
| 357 | return; | 357 | return; |
| 358 | 358 | ||
| 359 | if (memcmp(friend_con->dht_temp_pk, dht_public_key, crypto_box_PUBLICKEYBYTES) == 0) | 359 | if (public_key_cmp(friend_con->dht_temp_pk, dht_public_key) == 0) |
| 360 | return; | 360 | return; |
| 361 | 361 | ||
| 362 | change_dht_pk(fr_c, number, dht_public_key); | 362 | change_dht_pk(fr_c, number, dht_public_key); |
| @@ -479,7 +479,7 @@ static int handle_new_connections(void *object, New_Connection *n_c) | |||
| 479 | friend_con->dht_ip_port_lastrecv = unix_time(); | 479 | friend_con->dht_ip_port_lastrecv = unix_time(); |
| 480 | } | 480 | } |
| 481 | 481 | ||
| 482 | if (memcmp(friend_con->dht_temp_pk, n_c->dht_public_key, crypto_box_PUBLICKEYBYTES) != 0) { | 482 | if (public_key_cmp(friend_con->dht_temp_pk, n_c->dht_public_key) != 0) { |
| 483 | change_dht_pk(fr_c, friendcon_id, n_c->dht_public_key); | 483 | change_dht_pk(fr_c, friendcon_id, n_c->dht_public_key); |
| 484 | } | 484 | } |
| 485 | 485 | ||