doing replay protection before learning remote host

added some length checks for incoming packets

1 files changed, 13 insertions, 8 deletions

diff --git a/src/anytun.cpp b/src/anytun.cpp
index a2d7f05..47d2cb6 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -258,6 +258,8 @@ void receiver(void* p)
       
           // read packet from socket
       u_int32_t len = param->src.recv(encrypted_packet.getBuf(), encrypted_packet.getLength(), remote_end);
+      if(len < EncryptedPacket::getHeaderLength())
+        continue; // ignore short packets
       encrypted_packet.setLength(len);
       
       mux_t mux = encrypted_packet.getMux();
@@ -279,6 +281,14 @@ void receiver(void* p)
         continue;
       }        
 
+          // Replay Protection
+      if(conn.seq_window_.checkAndAdd(encrypted_packet.getSenderId(), encrypted_packet.getSeqNr()))
+      {
+        cLog.msg(Log::PRIO_NOTICE) << "Replay attack from " << conn.remote_end_ 
+                                   << " seq:"<< encrypted_packet.getSeqNr() << " sid: "<< encrypted_packet.getSenderId();
+        continue;
+      }
+      
           //Allow dynamic IP changes 
           //TODO: add command line option to turn this off
       if (remote_end != conn.remote_end_)
@@ -290,15 +300,10 @@ void receiver(void* p)
         gSyncQueue.push(sc);
 #endif
       }	
-      
-          // Replay Protection
-      if(conn.seq_window_.checkAndAdd(encrypted_packet.getSenderId(), encrypted_packet.getSeqNr()))
-      {
-        cLog.msg(Log::PRIO_NOTICE) << "Replay attack from " << conn.remote_end_ 
-                                   << " seq:"<< encrypted_packet.getSeqNr() << " sid: "<< encrypted_packet.getSenderId();
+         // ignore zero length packets
+      if(encrypted_packet.getPayloadLength() <= PlainPacket::getHeaderLength())
         continue;
-      }
-      
+
           // decrypt packet
       c->decrypt(conn.kd_, encrypted_packet, plain_packet);