Fix unprotected handshake options

Alexey Khromov 2025-03-20 18:37:19 +03:00
parent 25cfb143dc
commit 4da486264b


@ -140,6 +140,7 @@ int binkp_loop(s_binkp_state *bstate) {
return PRC_ERROR; return PRC_ERROR;
} }
writebuf[1] = block_length&0xff; writebuf[1] = block_length&0xff;
// TODO: FIX unprotected mode
if (bstate->mode==bmode_transfer && bstate->remote_data->options&BINKP_OPT_CRYPT) if (bstate->mode==bmode_transfer && bstate->remote_data->options&BINKP_OPT_CRYPT)
encrypt_buf(writebuf, have_to_write, bstate->remote_data->keys_out); encrypt_buf(writebuf, have_to_write, bstate->remote_data->keys_out);
} }
@ -209,6 +210,7 @@ int binkp_loop(s_binkp_state *bstate) {
log("read: remote socket shutdown"); log("read: remote socket shutdown");
return PRC_REMOTEABORTED; return PRC_REMOTEABORTED;
} }
// TODO: FIX unprotected mode
if (bstate->mode==bmode_transfer && bstate->remote_data->options & BINKP_OPT_CRYPT) { if (bstate->mode==bmode_transfer && bstate->remote_data->options & BINKP_OPT_CRYPT) {
decrypt_buf(readbuf+read_pos, n, bstate->remote_data->keys_in); decrypt_buf(readbuf+read_pos, n, bstate->remote_data->keys_in);
} else { } else {
@ -520,27 +522,47 @@ case 3: // send password on outgoing or pw confirmation on incoming
case 4: case 4:
char *p;
char pbuf[32];
int pwset = 0;
if (bstate->mode==bmode_incoming_handshake) { if (bstate->mode==bmode_incoming_handshake) {
DEB((D_24554, "incoming handshake is complete")); DEB((D_24554, "incoming handshake is complete"));
bstate->complete = true; bstate->complete = true;
char *p;
char pbuf[32];
for (i=0;i<state.n_remoteaddr;i++) for (i=0;i<state.n_remoteaddr;i++)
if( !session_get_password(state.remoteaddrs[i].addr, pbuf, sizeof(pbuf)) ){ if( !session_get_password(state.remoteaddrs[i].addr, pbuf, sizeof(pbuf)) ){
pwset = 1;
init_keys(bstate->remote_data->keys_in, pbuf?pbuf:"-"); init_keys(bstate->remote_data->keys_in, pbuf?pbuf:"-");
init_keys(bstate->remote_data->keys_out, "-"); init_keys(bstate->remote_data->keys_out, "-");
for (p=pbuf?pbuf:"-"; *p; p++) for (p=pbuf?pbuf:"-"; *p; p++)
update_keys(bstate->remote_data->keys_out, (int)*p); update_keys(bstate->remote_data->keys_out, (int)*p);
} }
//TODO: FIX incoming options
} }
else { else {
//TODO: Fix outgoing options
DEB((D_24554, "outgoing handshake: everything is sent")); DEB((D_24554, "outgoing handshake: everything is sent"));
for (i=0;i<state.n_remoteaddr;i++)
if( !session_get_password(state.remoteaddrs[i].addr, pbuf, sizeof(pbuf)) ){
pwset = 1;
}
} }
// We have password-protected link. Remote options are already set,
// Now we determine how to CRYPT or not to CRYPT our file transfer
// Our CRYPT flag is always sent, so if the other side have CRYPT
// and link is password is set - The CRYPT must be
// Literally: if we have no pass -> drop the CRYPT flag
if ( !pwset ) {
DEB((D_24554, "binkp handshake: password NOT set, dropping CRYPT"));
bstate->remote_data->options &= !BINKP_OPT_CRYPT;
}
return 2; return 2;
} }
} }
else if (bstate->mode == bmode_transfer) { else if (bstate->mode == bmode_transfer) {
switch (bstate->phase) { switch (bstate->phase) {
send_next_file: send_next_file:
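Review bot: In the new `if ( !pwset )` block of `case 4:`, `bstate->remote_data->options &= !BINKP_OPT_CRYPT;` uses logical NOT, so the mask is 0 (assuming `BINKP_OPT_CRYPT` is a non-zero flag) and every negotiated remote option is cleared, not just CRYPT. It should read `bstate->remote_data->options &= ~BINKP_OPT_CRYPT;`, otherwise encryption is switched off only as a side effect of wiping the whole option set. Separately, `pwset` becomes 1 as soon as any entry in `state.remoteaddrs` has a configured password, which is not necessarily the same as the session having authenticated with it. If the handshake state records a successful password check (not visible in this hunk), the CRYPT decision would be safer keyed on that. The enclosing switch and `binkp_loop`-level code start and end outside the hunk.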