Skip to content
Permalink
Browse files

Fix some SRP issues

-> Remove memory allocation bugs
-> Merge changes from upstream, enabling customizeable memory allocation
  • Loading branch information
est31 committed Sep 30, 2015
1 parent 2a7d01b commit 0bf1984d2c9fb3a9dc73303551c18906c3c9482b
Showing with 153 additions and 82 deletions.
  1. +4 −2 src/client.cpp
  2. +4 −1 src/util/auth.cpp
  3. +118 −75 src/util/srp.cpp
  4. +27 −4 src/util/srp.h
@@ -1059,8 +1059,10 @@ void Client::startAuth(AuthMechanism chosen_auth_mechanism)
m_password.length(), NULL, NULL);
char *bytes_A = 0;
size_t len_A = 0;
srp_user_start_authentication((struct SRPUser *) m_auth_data,
NULL, NULL, 0, (unsigned char **) &bytes_A, &len_A);
SRP_Result res = srp_user_start_authentication(
(struct SRPUser *) m_auth_data, NULL, NULL, 0,
(unsigned char **) &bytes_A, &len_A);
FATAL_ERROR_IF(res != SRP_OK, "Creating local SRP user failed.");

NetworkPacket resp_pkt(TOSERVER_SRP_BYTES_A, 0);
resp_pkt << std::string(bytes_A, len_A) << based_on;
@@ -24,6 +24,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
#include "sha1.h"
#include "srp.h"
#include "string.h"
#include "debug.h"

// Get an sha-1 hash of the player's name combined with
// the password entered. That's what the server uses as
@@ -50,10 +51,11 @@ void getSRPVerifier(const std::string &name,
char **bytes_v, size_t *len_v)
{
std::string n_name = lowercase(name);
srp_create_salted_verification_key(SRP_SHA256, SRP_NG_2048,
SRP_Result res = srp_create_salted_verification_key(SRP_SHA256, SRP_NG_2048,
n_name.c_str(), (const unsigned char *)password.c_str(),
password.size(), (unsigned char **)salt, salt_len,
(unsigned char **)bytes_v, len_v, NULL, NULL);
FATAL_ERROR_IF(res != SRP_OK, "Couldn't create salted SRP verifier");
}

// Get a db-ready SRP verifier
@@ -67,6 +69,7 @@ inline static std::string getSRPVerifier(const std::string &name,
size_t len_v;
getSRPVerifier(name, password, salt, &salt_len,
&bytes_v, &len_v);
assert(*salt); // usually, srp_create_salted_verification_key promises us to return SRP_ERR when *salt == NULL
std::string ret_val = encodeSRPVerifier(std::string(bytes_v, len_v),
std::string(*salt, salt_len));
free(bytes_v);

0 comments on commit 0bf1984

Please sign in to comment.