-
Notifications
You must be signed in to change notification settings - Fork 32
Description
Hello,
Based on my tests, it seems Decodepacket calls the handler even if the hash is insane.
I think the good behaevior would be to silently drop malformed packet (perhaps notify but NOT call the handler)
The following decode check the hash correctly before calling the handler.
tofgau
func DecodePacket(Secret string, buf []byte) (p Packet, err error) {
// fmt.Printf("\n\ndecEntr*%v", buf)
if len(buf) < 20 {
return nil, errors.New("invalid length")
}
p = &Packet{Secret: Secret}
p.Code = PacketCode(buf[0])
p.Identifier = buf[1]
copy(p.Authenticator[:], buf[4:20])
//read attributes
b := buf[20:]
for len(b) >= 2 {
length := uint8(b[1])
if int(length) > len(b) {
return nil, errors.New("invalid length")
}
attr := AVP{}
attr.Type = AttributeType(b[0])
attr.Value = append(attr.Value, b[2:length]...)
p.AVPs = append(p.AVPs, attr)
b = b[length:]
}
//验证Message-Authenticator,并且通过测试验证此处算法是正确的
//Verify Message-Authenticator, and tested to verify the algorithm is correct here
// err = p.checkMessageAuthenticator()
//Tofgau 201812 : this is not used anymore
//tofau : Dump Original Buffer
//fmt.Printf("\n\n****BUF0 %x", buf)
oldAuth := p.Authenticator
//fmt.Printf("\n****PKHASH %x", oldAuth)
//Duplicate the buffer and white the hash part
tmp := make([]byte, len(buf))
copy(tmp, buf)
var white [16]byte
copy(tmp[4:20], white[:])
//tofau : Calculate a hash on this new buffer concatenated with the secret
hasher := crypto.Hash(crypto.MD5).New()
hasher.Write(tmp)
hasher.Write([]byte(p.Secret))
calculatedHash := hasher.Sum(nil)
//tofau :
//fmt.Printf("\n****MYHASH %x", calculatedHash)
if !hmac.Equal(calculatedHash, oldAuth[:]) {
//fmt.Printf("\n\nINVALID PACKET")
return p, ErrMessageAuthenticatorCheckFail
} else {
//fmt.Printf("\n\nVALID PACKET")
}
return p, nil
/* supressed by tofgau
if err != nil {
return p, err
}
return p, nil
*/
}