Fix unprotected handshake options

2025-03-20 18:37:19 +03:00 · 2025-03-20 18:37:19 +03:00 · 4da486264b
commit 4da486264b
parent 25cfb143dc
1 changed files with 25 additions and 3 deletions
--- a/source/bforce/prot_binkp.c
+++ b/source/bforce/prot_binkp.c
@ -140,6 +140,7 @@ int binkp_loop(s_binkp_state *bstate) {
                    return PRC_ERROR;
                }
                writebuf[1] = block_length&0xff;
+                // TODO: FIX unprotected mode
                if (bstate->mode==bmode_transfer && bstate->remote_data->options&BINKP_OPT_CRYPT)
                    encrypt_buf(writebuf, have_to_write, bstate->remote_data->keys_out);
            }
@ -209,6 +210,7 @@ int binkp_loop(s_binkp_state *bstate) {
                log("read: remote socket shutdown");
                return PRC_REMOTEABORTED;
            }
+            // TODO: FIX unprotected mode
            if (bstate->mode==bmode_transfer && bstate->remote_data->options & BINKP_OPT_CRYPT) {
                decrypt_buf(readbuf+read_pos, n, bstate->remote_data->keys_in);
                } else {
@ -520,27 +522,47 @@ case 3: // send password on outgoing or pw confirmation on incoming


 case 4:
+        char *p;
+        char pbuf[32];
+        int pwset = 0;
+        
        if (bstate->mode==bmode_incoming_handshake) {
            DEB((D_24554, "incoming handshake is complete"));
            bstate->complete = true;
-            char *p;
-            char pbuf[32];
+            
            for (i=0;i<state.n_remoteaddr;i++)
                if( !session_get_password(state.remoteaddrs[i].addr, pbuf, sizeof(pbuf)) ){
+					pwset = 1;
                    init_keys(bstate->remote_data->keys_in, pbuf?pbuf:"-");
                    init_keys(bstate->remote_data->keys_out,  "-");
                    for (p=pbuf?pbuf:"-"; *p; p++)
                        update_keys(bstate->remote_data->keys_out, (int)*p);
                }
+            //TODO: FIX incoming options 
        }
        else {
+			//TODO: Fix outgoing options
            DEB((D_24554, "outgoing handshake: everything is sent"));
+            for (i=0;i<state.n_remoteaddr;i++)
+                if( !session_get_password(state.remoteaddrs[i].addr, pbuf, sizeof(pbuf)) ){
+                    pwset = 1;
+                }
+           
        }
+        // We have password-protected link. Remote options are already set,
+        // Now we determine how to CRYPT or not to CRYPT our file transfer
+        // Our CRYPT flag is always sent, so if the other side have CRYPT
+        // and link is password is set - The CRYPT must be
+        // Literally: if we have no pass -> drop the CRYPT flag
+        if ( !pwset ) {
+			DEB((D_24554, "binkp handshake: password NOT set, dropping CRYPT"));
+			bstate->remote_data->options &= !BINKP_OPT_CRYPT;	
+		}
        return 2;
        }

    }
-    else if (bstate->mode == bmode_transfer) {
+else if (bstate->mode == bmode_transfer) {

        switch (bstate->phase) {
            send_next_file: