Prevent a few potential panics

This commit is contained in:
Roderick van Domburg 2021-12-29 23:15:08 +01:00
parent e51f475a00
commit 9b6e02fa0d
No known key found for this signature in database
GPG key ID: A9EF5222A26F0451
4 changed files with 15 additions and 3 deletions

View file

@ -15,6 +15,8 @@ use crate::{protocol::authentication::AuthenticationType, Error};
pub enum AuthenticationError { pub enum AuthenticationError {
#[error("unknown authentication type {0}")] #[error("unknown authentication type {0}")]
AuthType(u32), AuthType(u32),
#[error("invalid key")]
Key,
} }
impl From<AuthenticationError> for Error { impl From<AuthenticationError> for Error {
@ -90,6 +92,10 @@ impl Credentials {
let key = { let key = {
let mut key = [0u8; 24]; let mut key = [0u8; 24];
if key.len() < 20 {
return Err(AuthenticationError::Key.into());
}
pbkdf2::<Hmac<Sha1>>(&secret, username.as_bytes(), 0x100, &mut key[0..20]); pbkdf2::<Hmac<Sha1>>(&secret, username.as_bytes(), 0x100, &mut key[0..20]);
let hash = &Sha1::digest(&key[..20]); let hash = &Sha1::digest(&key[..20]);

View file

@ -448,6 +448,7 @@ async fn connect(
e = keep_flushing(&mut ws_tx) => { e = keep_flushing(&mut ws_tx) => {
break Err(e) break Err(e)
} }
else => (),
} }
}; };

View file

@ -107,9 +107,14 @@ impl RequestHandler {
let client_key = base64::decode(client_key.as_bytes())?; let client_key = base64::decode(client_key.as_bytes())?;
let shared_key = self.keys.shared_secret(&client_key); let shared_key = self.keys.shared_secret(&client_key);
let encrypted_blob_len = encrypted_blob.len();
if encrypted_blob_len < 16 {
return Err(DiscoveryError::HmacError(encrypted_blob.to_vec()).into());
}
let iv = &encrypted_blob[0..16]; let iv = &encrypted_blob[0..16];
let encrypted = &encrypted_blob[16..encrypted_blob.len() - 20]; let encrypted = &encrypted_blob[16..encrypted_blob_len - 20];
let cksum = &encrypted_blob[encrypted_blob.len() - 20..encrypted_blob.len()]; let cksum = &encrypted_blob[encrypted_blob_len - 20..encrypted_blob_len];
let base_key = Sha1::digest(&shared_key); let base_key = Sha1::digest(&shared_key);
let base_key = &base_key[..16]; let base_key = &base_key[..16];