From b44b58cae41ba8da806dc0b6149ab21da252e884 Mon Sep 17 00:00:00 2001 From: irungentoo Date: Wed, 4 Jun 2014 13:28:56 -0400 Subject: Added data packet padding to toxcore. Data sent as lossless or lossy is now padded with: ((MAX_CRYPTO_DATA_SIZE - data_length) % CRYPTO_MAX_PADDING) bytes in order to reduce the possibility of length related attacks. I set CRYPTO_MAX_PADDING to 8 but it can be changed anytime without breaking network compatibility between tox cores. --- toxcore/net_crypto.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'toxcore/net_crypto.c') diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index 1b78bf1b..8c1d74c7 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c @@ -752,12 +752,17 @@ static int send_data_packet(Net_Crypto *c, int crypt_connection_id, uint8_t *dat static int send_data_packet_helper(Net_Crypto *c, int crypt_connection_id, uint32_t buffer_start, uint32_t num, uint8_t *data, uint32_t length) { + if (length == 0 || length > MAX_CRYPTO_DATA_SIZE) + return -1; + num = htonl(num); buffer_start = htonl(buffer_start); - uint8_t packet[sizeof(uint32_t) + sizeof(uint32_t) + length]; + uint16_t padding_length = (MAX_CRYPTO_DATA_SIZE - length) % CRYPTO_MAX_PADDING; + uint8_t packet[sizeof(uint32_t) + sizeof(uint32_t) + padding_length + length]; memcpy(packet, &buffer_start, sizeof(uint32_t)); memcpy(packet + sizeof(uint32_t), &num, sizeof(uint32_t)); - memcpy(packet + (sizeof(uint32_t) * 2), data, length); + memset(packet + (sizeof(uint32_t) * 2), 0, padding_length); + memcpy(packet + (sizeof(uint32_t) * 2) + padding_length, data, length); return send_data_packet(c, crypt_connection_id, packet, sizeof(packet)); } -- cgit v1.2.3