diff options
author | irungentoo <irungentoo@gmail.com> | 2014-06-04 13:28:56 -0400 |
---|---|---|
committer | irungentoo <irungentoo@gmail.com> | 2014-06-04 13:28:56 -0400 |
commit | b44b58cae41ba8da806dc0b6149ab21da252e884 (patch) | |
tree | cd0b3e2a88095f5f1be085b9c856c8bd6bdec472 /toxcore/net_crypto.c | |
parent | de5a33e8520b99775caee8d4a304703a50ef862e (diff) |
Added data packet padding to toxcore.
Data sent as lossless or lossy is now padded with:
((MAX_CRYPTO_DATA_SIZE - data_length) % CRYPTO_MAX_PADDING) bytes
in order to reduce the possibility of length related attacks.
I set CRYPTO_MAX_PADDING to 8 but it can be changed anytime without
breaking network compatibility between tox cores.
Diffstat (limited to 'toxcore/net_crypto.c')
-rw-r--r-- | toxcore/net_crypto.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index 1b78bf1b..8c1d74c7 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c | |||
@@ -752,12 +752,17 @@ static int send_data_packet(Net_Crypto *c, int crypt_connection_id, uint8_t *dat | |||
752 | static int send_data_packet_helper(Net_Crypto *c, int crypt_connection_id, uint32_t buffer_start, uint32_t num, | 752 | static int send_data_packet_helper(Net_Crypto *c, int crypt_connection_id, uint32_t buffer_start, uint32_t num, |
753 | uint8_t *data, uint32_t length) | 753 | uint8_t *data, uint32_t length) |
754 | { | 754 | { |
755 | if (length == 0 || length > MAX_CRYPTO_DATA_SIZE) | ||
756 | return -1; | ||
757 | |||
755 | num = htonl(num); | 758 | num = htonl(num); |
756 | buffer_start = htonl(buffer_start); | 759 | buffer_start = htonl(buffer_start); |
757 | uint8_t packet[sizeof(uint32_t) + sizeof(uint32_t) + length]; | 760 | uint16_t padding_length = (MAX_CRYPTO_DATA_SIZE - length) % CRYPTO_MAX_PADDING; |
761 | uint8_t packet[sizeof(uint32_t) + sizeof(uint32_t) + padding_length + length]; | ||
758 | memcpy(packet, &buffer_start, sizeof(uint32_t)); | 762 | memcpy(packet, &buffer_start, sizeof(uint32_t)); |
759 | memcpy(packet + sizeof(uint32_t), &num, sizeof(uint32_t)); | 763 | memcpy(packet + sizeof(uint32_t), &num, sizeof(uint32_t)); |
760 | memcpy(packet + (sizeof(uint32_t) * 2), data, length); | 764 | memset(packet + (sizeof(uint32_t) * 2), 0, padding_length); |
765 | memcpy(packet + (sizeof(uint32_t) * 2) + padding_length, data, length); | ||
761 | 766 | ||
762 | return send_data_packet(c, crypt_connection_id, packet, sizeof(packet)); | 767 | return send_data_packet(c, crypt_connection_id, packet, sizeof(packet)); |
763 | } | 768 | } |