warp-vpn

point to point VPN implementation
git clone git://git.2f30.org/warp-vpn
Log | Files | Refs | README
commit a36ab6ee34098d18982bb2b5ae89f40d48cf588a
parent 6632480b99d63ea7ca34150ea106ab81ba6cb944
Author: sin <sin@2f30.org>
Date:   Tue, 29 Mar 2016 11:35:56 +0100

fix buffer sizes

Diffstat:

Mstun.c | 27++++++++++++---------------


1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/stun.c b/stun.c
@@ -466,17 +466,15 @@ readall(int fd, void *buf, int len)
 int
 readnet(int fd, unsigned char *buf, int len)
 {
-	unsigned char decbuf[MTU + AES_BLOCK_SIZE];
-	unsigned char encbuf[MTU + AES_BLOCK_SIZE];
-	unsigned char hdr[HDRLEN];
+	unsigned char encbuf[MTU + AES_BLOCK_SIZE + HDRLEN];
 	int n, pktlen, paddedlen;
 
 	/* read unpadded packet length */
-	n = readall(fd, hdr, sizeof(hdr));
+	n = readall(fd, encbuf, HDRLEN);
 	if (n <= 0)
 		return n;
 
-	pktlen = unpack16(hdr);
+	pktlen = unpack16(encbuf);
 	pktlen &= PKTLENMASK;
 	paddedlen = padto(pktlen, AES_BLOCK_SIZE);
 
@@ -496,12 +494,11 @@ readnet(int fd, unsigned char *buf, int len)
 	}
 
 	/* read encrypted payload */
-	n = readall(fd, encbuf, paddedlen);
+	n = readall(fd, &encbuf[HDRLEN], paddedlen);
 	if (n <= 0)
 		return n;
 
-	aesdec(&dec, decbuf, encbuf, paddedlen);
-	memcpy(buf, decbuf, pktlen);
+	aesdec(&dec, buf, &encbuf[HDRLEN], paddedlen);
 	return pktlen;
 }
 
@@ -522,7 +519,7 @@ setrcvtimeo(int netfd, time_t sec)
 int
 challenge(int netfd)
 {
-	unsigned char buf[sizeof(uint32_t)];
+	unsigned char buf[MTU + AES_BLOCK_SIZE];
 	struct pollfd pfd[1];
 	uint32_t n, reply;
 	int ret;
@@ -531,7 +528,7 @@ challenge(int netfd)
 	if (ret < 0)
 		return -1;
 	pack32(buf, n = arc4random());
-	if (writenet(netfd, buf, sizeof(buf)) <= 0)
+	if (writenet(netfd, buf, sizeof(uint32_t)) <= 0)
 		goto err;
 	pfd[0].fd = netfd;
 	pfd[0].events = POLLIN;
@@ -545,7 +542,7 @@ challenge(int netfd)
 		goto err;
 	default:
 		if (pfd[0].revents & (POLLIN | POLLHUP)) {
-			ret = readnet(netfd, buf, sizeof(buf));
+			ret = readnet(netfd, buf, sizeof(uint32_t));
 			if (ret <= 0 || ret == BADPKT)
 				goto err;
 			reply = unpack32(buf);
@@ -563,16 +560,16 @@ err:
 int
 response(int netfd)
 {
-	unsigned char buf[sizeof(uint32_t)];
+	unsigned char buf[MTU + AES_BLOCK_SIZE];
 	uint32_t reply;
 	int ret;
 
-	ret = readnet(netfd, buf, sizeof(buf));
+	ret = readnet(netfd, buf, sizeof(uint32_t));
 	if (ret <= 0 || ret == BADPKT)
 		return -1;
 	reply = unpack32(buf);
 	pack32(buf, reply + 1);
-	if (writenet(netfd, buf, sizeof(buf)) <= 0)
+	if (writenet(netfd, buf, sizeof(uint32_t)) <= 0)
 		return -1;
 	return 0;
 }
@@ -598,7 +595,7 @@ tunnel(int netfd, int devfd)
 			logerr("bad fd in poll set");
 
 		if (pfd[0].revents & (POLLIN | POLLHUP)) {
-			n = readnet(netfd, buf, MTU);
+			n = readnet(netfd, buf, sizeof(buf));
 			if (n <= 0)
 				return 1;
 			if (n == BADPKT) {