Skip to content

Commit

Permalink
Better handling of decoding and transmission errors
Browse files Browse the repository at this point in the history
  • Loading branch information
Marcos Del Sol Vives committed Aug 8, 2015
1 parent 092d91a commit 659c6e0
Show file tree
Hide file tree
Showing 3 changed files with 49 additions and 22 deletions.
47 changes: 31 additions & 16 deletions main.c
View file
Expand Up @@ -415,16 +415,21 @@ int runsession(sigma_session* session)

if (readvalue < 0)
{
fprintf(stderr, "%s: Local read error %ld: %s\n", session->sessionname, readvalue, strerror(errno));
fprintf(stderr, "%s: Local encode error %ld: %s\n", session->sessionname, readvalue, strerror(errno));
return -1;
}

long writevalue = session->remote->write(session->remote, tuntapbufenc, readvalue);

if (writevalue < 0)
{
fprintf(stderr, "%s: Local write error %ld: %s\n", session->sessionname, writevalue, strerror(errno));
return -1;
if (errno != EINVAL)
{
fprintf(stderr, "%s: Local write error %ld: %s\n", session->sessionname, writevalue, strerror(errno));
return -1;
}

fprintf(stderr, "%s: Could not send packet with length %u on remote interface\n", session->sessionname, (unsigned) readvalue);
}
}

Expand All @@ -443,22 +448,32 @@ int runsession(sigma_session* session)

if (readvalue < 0)
{
fprintf(stderr, "%s: Remote read error %ld: %s\n", session->sessionname, readvalue, strerror(errno));
return -1;
}
if (errno != EINVAL)
{
fprintf(stderr, "%s: Fatal remote decode error %ld: %s\n", session->sessionname, readvalue, strerror(errno));
return -1;
}

long writevalue = session->local->write(session->local, udpbuf, readvalue);
fprintf(stderr, "%s: Received invalid packet\n", session->sessionname);
} else {
long writevalue = session->local->write(session->local, udpbuf, readvalue);

if (writevalue < 0)
{
fprintf(stderr, "%s: Remote write error %ld: %s\n", session->sessionname, writevalue, strerror(errno));
return -1;
}
if (writevalue < 0)
{
if (errno != EINVAL)
{
fprintf(stderr, "%s: Remote write error %ld: %s\n", session->sessionname, writevalue, strerror(errno));
return -1;
}

if (session->remote->updateremote != NULL)
{
session->remote->updateremote(session->remote);
}
fprintf(stderr, "%s: Could not send packet with length %u on local interface\n", session->sessionname, (unsigned) readvalue);
}

if (session->remote->updateremote != NULL)
{
session->remote->updateremote(session->remote);
}
}
}
}

Expand Down
21 changes: 15 additions & 6 deletions proto/proto_nacltai.c
View file
Expand Up @@ -35,6 +35,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <sodium.h>
#include <errno.h>

#include "../types.h"
#include "../proto.h"
Expand Down Expand Up @@ -68,6 +69,7 @@ static int proto_set(sigma_proto* instance, char* param, char* value)
if (read != crypto_box_PUBLICKEYBYTES || value[crypto_box_PUBLICKEYBYTES * 2] != '\0')
{
fprintf(stderr, "Public key is incorrect length\n");
errno = EILSEQ;
return -1;
}
}
Expand All @@ -78,12 +80,14 @@ static int proto_set(sigma_proto* instance, char* param, char* value)
if (read != crypto_box_SECRETKEYBYTES || value[crypto_box_SECRETKEYBYTES * 2] != '\0')
{
fprintf(stderr, "Private key is incorrect length\n");
errno = EILSEQ;
return -1;
}
}
else
{
fprintf(stderr, "Unknown attribute '%s'\n", param);
errno = EINVAL;
return -1;
}

Expand Down Expand Up @@ -112,14 +116,15 @@ static int proto_encode(sigma_proto *instance, uint8_t* input, uint8_t* output,
((sigma_proto_nacl*) instance)->precomp
);

memcpy(output, inst->encnonce + nonceoffset, noncelength);

if (result)
{
fprintf(stderr, "Encryption failed (length %u, given result %i)\n", (unsigned) len, result);
errno = EINVAL;
return -1;
}

memcpy(output, inst->encnonce + nonceoffset, noncelength);

return len;
}

Expand All @@ -128,7 +133,8 @@ static int proto_decode(sigma_proto *instance, uint8_t* input, uint8_t* output,
if (len < crypto_box_ZEROBYTES)
{
fprintf(stderr, "Short packet received: %u\n", (unsigned) len);
return 0;
errno = EINVAL;
return -1;
}

sigma_proto_nacl* inst = (sigma_proto_nacl*) instance;
Expand All @@ -139,7 +145,8 @@ static int proto_decode(sigma_proto *instance, uint8_t* input, uint8_t* output,
if (memcmp(input, inst->rxtaialog[i], noncelength) == 0)
{
fprintf(stderr, "Timestamp reuse detected, possible replay attack (packet length %u)\n", (unsigned) len);
return 0;
errno = EINVAL;
return -1;
}

if (i != 0 && memcmp(inst->rxtaialog[i], inst->rxtaialog[taioldest], noncelength) < 0)
Expand All @@ -149,7 +156,8 @@ static int proto_decode(sigma_proto *instance, uint8_t* input, uint8_t* output,
if (memcmp(input, inst->rxtaialog[taioldest], noncelength) < 0)
{
fprintf(stderr, "Timestamp older than our oldest known timestamp, possible replay attack (packet length %u)\n", (unsigned) len);
return 0;
errno = EINVAL;
return -1;
}

uint8_t tempbufferout[len];
Expand All @@ -168,7 +176,8 @@ static int proto_decode(sigma_proto *instance, uint8_t* input, uint8_t* output,
if (result)
{
fprintf(stderr, "Decryption failed (length %u, given result %i)\n", (unsigned) len, result);
return 0;
errno = EINVAL;
return -1;
}

len -= crypto_box_ZEROBYTES;
Expand Down
3 changes: 3 additions & 0 deletions proto/proto_raw.c
View file
Expand Up @@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include "../types.h"
#include "../proto.h"
Expand All @@ -43,6 +44,7 @@ static int proto_encode(sigma_proto *instance, uint8_t* input, uint8_t* output,
return len;
}

errno = ECOMM;
return -1;
}

Expand All @@ -54,6 +56,7 @@ static int proto_decode(sigma_proto *instance, uint8_t* input, uint8_t* output,
return len;
}

errno = ECOMM;
return -1;
}

Expand Down

0 comments on commit 659c6e0

Please sign in to comment.