[freenet-cvs] r15519 - trunk/freenet/src/freenet/node
nextgens at freenetproject.org
nextgens at freenetproject.org
Wed Oct 24 09:26:37 UTC 2007
Author: nextgens
Date: 2007-10-24 09:26:37 +0000 (Wed, 24 Oct 2007)
New Revision: 15519
Modified:
trunk/freenet/src/freenet/node/FNPPacketMangler.java
Log:
Untested patch adding the DH-validity test to StS
Modified: trunk/freenet/src/freenet/node/FNPPacketMangler.java
===================================================================
--- trunk/freenet/src/freenet/node/FNPPacketMangler.java 2007-10-24 09:19:44 UTC (rev 15518)
+++ trunk/freenet/src/freenet/node/FNPPacketMangler.java 2007-10-24 09:26:37 UTC (rev 15519)
@@ -495,7 +495,7 @@
if(DiffieHellman.checkDHExponentialValidity(this.getClass(), _hisExponential)) {
sendJFKMessage2(nonceInitiator, hisExponential, pn, replyTo);
}else
- Logger.error(this, "We can't accept the exponential "+pn+" sent us!!");
+ Logger.error(this, "We can't accept the exponential "+pn+" sent us!! REDFLAG: IT CAN'T HAPPEN UNLESS AGAINST AN ACTIVE ATTACKER!!");
long t2=System.currentTimeMillis();
if((t2-t1)>500)
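Review bot: The ERROR-level log in the `else` branch is triggered directly by a value the remote side supplies, and nothing visible in this hunk limits how often it can fire, so a peer that keeps sending rejected exponentials could fill the log. The same applies to the identical message in the hunk at -672 and to the new check in the hunk at -1486. Consider counting rejections per peer and logging only the first few, and note it at the call site with something like `// remote-triggerable: throttle before logging at ERROR`. The "CAN'T HAPPEN UNLESS AGAINST AN ACTIVE ATTACKER" wording may also overstate the case, since a buggy or incompatible peer could presumably produce the same rejection; `REDFLAG: invalid DH exponential, possible active attack` would be safer for whoever triages the log. The enclosing method starts and ends outside the hunk.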
@@ -672,7 +672,7 @@
}
if(!DiffieHellman.checkDHExponentialValidity(this.getClass(), _hisExponential)) {
- Logger.error(this, "We can't accept the exponential "+pn+" sent us!!");
+ Logger.error(this, "We can't accept the exponential "+pn+" sent us!! REDFLAG: IT CAN'T HAPPEN UNLESS AGAINST AN ACTIVE ATTACKER!!");
return;
}
@@ -1486,6 +1486,10 @@
byte[] aAsBytes = new byte[length];
System.arraycopy(payload, 3, aAsBytes, 0, length);
NativeBigInteger a = new NativeBigInteger(1, aAsBytes);
+ if(!DiffieHellman.checkDHExponentialValidity(this.getClass(), a)) {
+ Logger.error(this, "We can't accept the exponential the other end sent us!!");
+ return null;
+ }
DiffieHellmanContext ctx;
if(phase == 1) {
ctx = (DiffieHellmanContext) pn.getKeyAgreementSchemeContext();
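Review bot: The new rejection message after `checkDHExponentialValidity(this.getClass(), a)` does not say which peer sent the value, although the two JFK paths touched by this commit include `pn` in theirs. Since `pn` is dereferenced a few lines below for `phase == 1`, the message could read `Logger.error(this, "We can't accept the exponential "+pn+" sent us!!");`, provided `pn` cannot be null on this path, which the hunk does not show. The added `return null` is a new exit from this method, so callers outside the hunk need to handle a null result without dereferencing it. As the commit is described as untested, a unit test that feeds a rejected value through this path would confirm both the early return and the caller's handling. The enclosing method starts and ends outside the hunk.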