Fix authentication bypass bug

The client could bypass the password check by continuing after getting an error
from the server and guessing the network parameters. The server would still
accept the rest of the setup and also network traffic.

Add checks for normal and raw mode that the user has authenticated before allowing
any other communication.

Problem found by Oscar Reparaz.
This commit is contained in:
Erik Ekman
2014-06-16 21:12:49 +02:00
parent bf658b0c59
commit b715be5cf3
5 changed files with 52 additions and 12 deletions

@@ -94,6 +94,11 @@ START_TEST(test_find_user_by_ip)
users[0].last_pkt = time(NULL);
testip = (unsigned int) inet_addr("127.0.0.2");
fail_unless(find_user_by_ip(testip) == -1);
users[0].authenticated = 1;
testip = (unsigned int) inet_addr("127.0.0.2");
fail_unless(find_user_by_ip(testip) == 0);
}
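Review bot: in test_find_user_by_ip the second `testip = (unsigned int) inet_addr("127.0.0.2");` repeats the assignment made three lines earlier with the same address, so it can be dropped. A short comment above `users[0].authenticated = 1;` stating that the same IP may only match once the user has authenticated would explain why the expectation changes from -1 to 0. Only `authenticated` is exercised here; if the lookup is also used on the raw path, a case that covers `authenticated_raw` would belong in this test as well.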
@@ -137,7 +142,11 @@ START_TEST(test_find_available_user)
init_users(ip, 27);
for (i = 0; i < USERS; i++) {
users[i].authenticated = 1;
users[i].authenticated_raw = 1;
fail_unless(find_available_user() == i);
fail_if(users[i].authenticated);
fail_if(users[i].authenticated_raw);
}
for (i = 0; i < USERS; i++) {
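Review bot: the first loop in test_find_available_user depends on find_available_user() clearing `authenticated` and `authenticated_raw` as a side effect of handing out a slot, which the function name does not suggest. Document that reset where the function is declared, and add a one-line comment in the test saying that a reused slot must not inherit the previous client's login state, so the link to the bypass described in the commit message is visible to the next reader.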