warp-vpn

simple point to point tunnel
git clone git://git.2f30.org/warp-vpn.git
Log | Files | Refs | README

commit a36ab6ee34098d18982bb2b5ae89f40d48cf588a
parent 6632480b99d63ea7ca34150ea106ab81ba6cb944
Author: sin <sin@2f30.org>
Date:   Tue Mar 29 11:35:56 +0100

fix buffer sizes

Diffstat:
stun.c | 27++++++++++++---------------
1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/stun.c b/stun.c @@ -466,17 +466,15 @@ readall(int fd, void *buf, int len) int readnet(int fd, unsigned char *buf, int len) { - unsigned char decbuf[MTU + AES_BLOCK_SIZE]; - unsigned char encbuf[MTU + AES_BLOCK_SIZE]; - unsigned char hdr[HDRLEN]; + unsigned char encbuf[MTU + AES_BLOCK_SIZE + HDRLEN]; int n, pktlen, paddedlen; /* read unpadded packet length */ - n = readall(fd, hdr, sizeof(hdr)); + n = readall(fd, encbuf, HDRLEN); if (n <= 0) return n; - pktlen = unpack16(hdr); + pktlen = unpack16(encbuf); pktlen &= PKTLENMASK; paddedlen = padto(pktlen, AES_BLOCK_SIZE); @@ -496,12 +494,11 @@ readnet(int fd, unsigned char *buf, int len) } /* read encrypted payload */ - n = readall(fd, encbuf, paddedlen); + n = readall(fd, &encbuf[HDRLEN], paddedlen); if (n <= 0) return n; - aesdec(&dec, decbuf, encbuf, paddedlen); - memcpy(buf, decbuf, pktlen); + aesdec(&dec, buf, &encbuf[HDRLEN], paddedlen); return pktlen; } @@ -522,7 +519,7 @@ setrcvtimeo(int netfd, time_t sec) int challenge(int netfd) { - unsigned char buf[sizeof(uint32_t)]; + unsigned char buf[MTU + AES_BLOCK_SIZE]; struct pollfd pfd[1]; uint32_t n, reply; int ret; @@ -531,7 +528,7 @@ challenge(int netfd) if (ret < 0) return -1; pack32(buf, n = arc4random()); - if (writenet(netfd, buf, sizeof(buf)) <= 0) + if (writenet(netfd, buf, sizeof(uint32_t)) <= 0) goto err; pfd[0].fd = netfd; pfd[0].events = POLLIN; @@ -545,7 +542,7 @@ challenge(int netfd) goto err; default: if (pfd[0].revents & (POLLIN | POLLHUP)) { - ret = readnet(netfd, buf, sizeof(buf)); + ret = readnet(netfd, buf, sizeof(uint32_t)); if (ret <= 0 || ret == BADPKT) goto err; reply = unpack32(buf); @@ -563,16 +560,16 @@ err: int response(int netfd) { - unsigned char buf[sizeof(uint32_t)]; + unsigned char buf[MTU + AES_BLOCK_SIZE]; uint32_t reply; int ret; - ret = readnet(netfd, buf, sizeof(buf)); + ret = readnet(netfd, buf, sizeof(uint32_t)); if (ret <= 0 || ret == BADPKT) return -1; reply = unpack32(buf); pack32(buf, reply + 1); - if (writenet(netfd, buf, sizeof(buf)) <= 0) + if (writenet(netfd, buf, sizeof(uint32_t)) <= 0) return -1; return 0; } @@ -598,7 +595,7 @@ tunnel(int netfd, int devfd) logerr("bad fd in poll set"); if (pfd[0].revents & (POLLIN | POLLHUP)) { - n = readnet(netfd, buf, MTU); + n = readnet(netfd, buf, sizeof(buf)); if (n <= 0) return 1; if (n == BADPKT) {