mirror of
https://github.com/PurpleI2P/i2pd.git
synced 2024-10-31 09:20:38 +00:00
Merge pull request #772 from majestrate/ssu-revert
don't use heap allocated buffers in ssu and fill uninitialized memory
This commit is contained in:
orignal
GitHub
commit
70b30f7849
@ -154,8 +154,7 @@ namespace transport
|
||||
{
|
||||
uint32_t msgID = bufbe32toh (buf); // message ID
|
||||
buf += 4;
|
||||
uint8_t frag[4];
|
||||
frag[0] = 0;
|
||||
uint8_t frag[4] = {0};
|
||||
memcpy (frag + 1, buf, 3);
|
||||
buf += 3;
|
||||
uint32_t fragmentInfo = bufbe32toh (frag); // fragment info
|
||||
@ -371,7 +370,7 @@ namespace transport
|
||||
|
||||
void SSUData::SendMsgAck (uint32_t msgID)
|
||||
{
|
||||
uint8_t * buf = new uint8_t[48 + 18]; // actual length is 44 = 37 + 7 but pad it to multiple of 16
|
||||
uint8_t buf[48 + 18] = {0}; // actual length is 44 = 37 + 7 but pad it to multiple of 16
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
*payload = DATA_FLAG_EXPLICIT_ACKS_INCLUDED; // flag
|
||||
payload++;
|
||||
@ -384,7 +383,6 @@ namespace transport
|
||||
// encrypt message with session key
|
||||
m_Session.FillHeaderAndEncrypt (PAYLOAD_TYPE_DATA, buf, 48);
|
||||
m_Session.Send (buf, 48);
|
||||
delete [] buf;
|
||||
}
|
||||
|
||||
void SSUData::SendFragmentAck (uint32_t msgID, int fragmentNum)
|
||||
@ -394,7 +392,7 @@ namespace transport
|
||||
LogPrint (eLogWarning, "SSU: Fragment number ", fragmentNum, " exceeds 64");
|
||||
return;
|
||||
}
|
||||
uint8_t * buf = new uint8_t[64 + 18];
|
||||
uint8_t buf[64 + 18] = {0};
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
*payload = DATA_FLAG_ACK_BITFIELDS_INCLUDED; // flag
|
||||
payload++;
|
||||
@ -414,7 +412,6 @@ namespace transport
|
||||
// encrypt message with session key
|
||||
m_Session.FillHeaderAndEncrypt (PAYLOAD_TYPE_DATA, buf, len);
|
||||
m_Session.Send (buf, len);
|
||||
delete [] buf;
|
||||
}
|
||||
|
||||
void SSUData::ScheduleResend()
|
||||
|
||||
@ -350,7 +350,7 @@ namespace transport
|
||||
|
||||
void SSUSession::SendSessionRequest ()
|
||||
{
|
||||
uint8_t * buf = new uint8_t[320 + 18]; // 304 bytes for ipv4, 320 for ipv6
|
||||
uint8_t buf[320 + 18] = {0}; // 304 bytes for ipv4, 320 for ipv6
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
uint8_t flag = 0;
|
||||
// fill extended options, 3 bytes extended options don't change message size
|
||||
@ -381,7 +381,6 @@ namespace transport
|
||||
RAND_bytes (iv, 16); // random iv
|
||||
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_REQUEST, buf, isV4 ? 304 : 320, m_IntroKey, iv, m_IntroKey, flag);
|
||||
m_Server.Send (buf, isV4 ? 304 : 320, m_RemoteEndpoint);
|
||||
delete [] buf;
|
||||
}
|
||||
|
||||
void SSUSession::SendRelayRequest (const i2p::data::RouterInfo::Introducer& introducer, uint32_t nonce)
|
||||
@ -393,7 +392,7 @@ namespace transport
|
||||
return;
|
||||
}
|
||||
|
||||
uint8_t * buf = new uint8_t[96 + 18];
|
||||
uint8_t buf[96 + 18] = {0};
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
htobe32buf (payload, introducer.iTag);
|
||||
payload += 4;
|
||||
@ -414,7 +413,6 @@ namespace transport
|
||||
else
|
||||
FillHeaderAndEncrypt (PAYLOAD_TYPE_RELAY_REQUEST, buf, 96, introducer.iKey, iv, introducer.iKey);
|
||||
m_Server.Send (buf, 96, m_RemoteEndpoint);
|
||||
delete [] buf;
|
||||
}
|
||||
|
||||
void SSUSession::SendSessionCreated (const uint8_t * x, bool sendRelayTag)
|
||||
@ -429,7 +427,7 @@ namespace transport
|
||||
SignedData s; // x,y, remote IP, remote port, our IP, our port, relayTag, signed on time
|
||||
s.Insert (x, 256); // x
|
||||
|
||||
uint8_t * buf = new uint8_t[384 + 18];
|
||||
uint8_t buf[384 + 18] = {0};
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
memcpy (payload, m_DHKeysPair->GetPublicKey (), 256);
|
||||
s.Insert (payload, 256); // y
|
||||
@ -475,14 +473,18 @@ namespace transport
|
||||
m_SignedData = std::unique_ptr<SignedData>(new SignedData (s));
|
||||
s.Insert (payload - 4, 4); // BOB's signed on time
|
||||
s.Sign (i2p::context.GetPrivateKeys (), payload); // DSA signature
|
||||
// TODO: fill padding with random data
|
||||
|
||||
uint8_t iv[16];
|
||||
RAND_bytes (iv, 16); // random iv
|
||||
// encrypt signature and padding with newly created session key
|
||||
size_t signatureLen = i2p::context.GetIdentity ()->GetSignatureLen ();
|
||||
size_t paddingSize = signatureLen & 0x0F; // %16
|
||||
if (paddingSize > 0) signatureLen += (16 - paddingSize);
|
||||
if (paddingSize > 0)
|
||||
{
|
||||
// fill random padding
|
||||
RAND_bytes(payload + signatureLen, (16 - paddingSize));
|
||||
signatureLen += (16 - paddingSize);
|
||||
}
|
||||
m_SessionKeyEncryption.SetIV (iv);
|
||||
m_SessionKeyEncryption.Encrypt (payload, signatureLen, payload);
|
||||
payload += signatureLen;
|
||||
@ -491,12 +493,11 @@ namespace transport
|
||||
// encrypt message with intro key
|
||||
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_CREATED, buf, msgLen, m_IntroKey, iv, m_IntroKey);
|
||||
Send (buf, msgLen);
|
||||
delete [] buf;
|
||||
}
|
||||
|
||||
void SSUSession::SendSessionConfirmed (const uint8_t * y, const uint8_t * ourAddress, size_t ourAddressLen)
|
||||
{
|
||||
uint8_t * buf = new uint8_t[512 + 18];
|
||||
uint8_t buf[512 + 18] = {0};
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
*payload = 1; // 1 fragment
|
||||
payload++; // info
|
||||
@ -511,9 +512,8 @@ namespace transport
|
||||
auto signatureLen = i2p::context.GetIdentity ()->GetSignatureLen ();
|
||||
size_t paddingSize = ((payload - buf) + signatureLen)%16;
|
||||
if (paddingSize > 0) paddingSize = 16 - paddingSize;
|
||||
// TODO: fill padding
|
||||
RAND_bytes(payload, paddingSize); // fill padding with random
|
||||
payload += paddingSize; // padding size
|
||||
|
||||
// signature
|
||||
SignedData s; // x,y, our IP, our port, remote IP, remote port, relayTag, our signed on time
|
||||
s.Insert (m_DHKeysPair->GetPublicKey (), 256); // x
|
||||
@ -535,7 +535,6 @@ namespace transport
|
||||
// encrypt message with session key
|
||||
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_CONFIRMED, buf, msgLen, m_SessionKey, iv, m_MacKey);
|
||||
Send (buf, msgLen);
|
||||
delete [] buf;
|
||||
}
|
||||
|
||||
void SSUSession::ProcessRelayRequest (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& from)
|
||||
@ -569,7 +568,7 @@ namespace transport
|
||||
LogPrint (eLogWarning, "SSU: Charlie's IP must be v4");
|
||||
return;
|
||||
}
|
||||
uint8_t * buf = new uint8_t[80 + 18]; // 64 Alice's ipv4 and 80 Alice's ipv6
|
||||
uint8_t buf[80 + 18] = {0}; // 64 Alice's ipv4 and 80 Alice's ipv6
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
*payload = 4;
|
||||
payload++; // size
|
||||
@ -612,7 +611,6 @@ namespace transport
|
||||
m_Server.Send (buf, isV4 ? 64 : 80, from);
|
||||
}
|
||||
LogPrint (eLogDebug, "SSU: relay response sent");
|
||||
delete [] buf;
|
||||
}
|
||||
|
||||
void SSUSession::SendRelayIntro (std::shared_ptr<SSUSession> session, const boost::asio::ip::udp::endpoint& from)
|
||||
@ -624,7 +622,7 @@ namespace transport
|
||||
LogPrint (eLogWarning, "SSU: Alice's IP must be v4");
|
||||
return;
|
||||
}
|
||||
uint8_t * buf = new uint8_t[48 + 18];
|
||||
uint8_t buf[48 + 18] = {0};
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
*payload = 4;
|
||||
payload++; // size
|
||||
@ -638,7 +636,6 @@ namespace transport
|
||||
FillHeaderAndEncrypt (PAYLOAD_TYPE_RELAY_INTRO, buf, 48, session->m_SessionKey, iv, session->m_MacKey);
|
||||
m_Server.Send (buf, 48, session->m_RemoteEndpoint);
|
||||
LogPrint (eLogDebug, "SSU: relay intro sent");
|
||||
delete [] buf;
|
||||
}
|
||||
|
||||
void SSUSession::ProcessRelayResponse (const uint8_t * buf, size_t len)
|
||||
@ -1046,7 +1043,7 @@ namespace transport
|
||||
// toAddress is true for Alice<->Chalie communications only
|
||||
// sendAddress is false if message comes from Alice
|
||||
{
|
||||
uint8_t * buf = new uint8_t[80 + 18];
|
||||
uint8_t buf[80 + 18] = {0};
|
||||
uint8_t iv[16];
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
htobe32buf (payload, nonce);
|
||||
@ -1103,7 +1100,6 @@ namespace transport
|
||||
FillHeaderAndEncrypt (PAYLOAD_TYPE_PEER_TEST, buf, 80);
|
||||
Send (buf, 80);
|
||||
}
|
||||
delete [] buf;
|
||||
}
|
||||
|
||||
void SSUSession::SendPeerTest ()
|
||||
@ -1128,7 +1124,7 @@ namespace transport
|
||||
{
|
||||
if (m_State == eSessionStateEstablished)
|
||||
{
|
||||
uint8_t * buf = new uint8_t[48 + 18];
|
||||
uint8_t buf[48 + 18] = {0};
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
*payload = 0; // flags
|
||||
payload++;
|
||||
@ -1138,7 +1134,6 @@ namespace transport
|
||||
Send (buf, 48);
|
||||
LogPrint (eLogDebug, "SSU: keep-alive sent");
|
||||
m_LastActivityTimestamp = i2p::util::GetSecondsSinceEpoch ();
|
||||
delete [] buf;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1146,7 +1141,7 @@ namespace transport
|
||||
{
|
||||
if (m_IsSessionKey)
|
||||
{
|
||||
uint8_t * buf = new uint8_t[48 + 18];
|
||||
uint8_t buf[48 + 18] = {0};
|
||||
// encrypt message with session key
|
||||
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_DESTROYED, buf, 48);
|
||||
try
|
||||
@ -1158,13 +1153,12 @@ namespace transport
|
||||
LogPrint (eLogWarning, "SSU: exception while sending session destoroyed: ", ex.what ());
|
||||
}
|
||||
LogPrint (eLogDebug, "SSU: session destroyed sent");
|
||||
delete [] buf;
|
||||
}
|
||||
}
|
||||
|
||||
void SSUSession::Send (uint8_t type, const uint8_t * payload, size_t len)
|
||||
{
|
||||
uint8_t * buf = new uint8_t[SSU_MTU_V4 + 18];
|
||||
uint8_t buf[SSU_MTU_V4 + 18] = {0};
|
||||
size_t msgSize = len + sizeof (SSUHeader);
|
||||
size_t paddingSize = msgSize & 0x0F; // %16
|
||||
if (paddingSize > 0) msgSize += (16 - paddingSize);
|
||||
@ -1177,7 +1171,6 @@ namespace transport
|
||||
// encrypt message with session key
|
||||
FillHeaderAndEncrypt (type, buf, msgSize);
|
||||
Send (buf, msgSize);
|
||||
delete [] buf;
|
||||
}
|
||||
|
||||
void SSUSession::Send (const uint8_t * buf, size_t size)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user