diff options
author | Christian Pointner <equinox@anytun.org> | 2014-02-10 01:28:44 +0000 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2014-02-10 01:28:44 +0000 |
commit | 5c9ae52239d7185b98a3eed64899fbce73942706 (patch) | |
tree | 1345cd67050923502ff1ec97966f19907e3dc734 /src/uanytun.c | |
parent | improved handling of sequence numbers (only increment if packet is sent) (diff) |
moved less invasive check for mux value to the top
Diffstat (limited to 'src/uanytun.c')
-rw-r--r-- | src/uanytun.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/src/uanytun.c b/src/uanytun.c index 5b30b54..edb0bfe 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -153,13 +153,17 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl if(len == -1) { log_printf(ERROR, "error on receiving udp packet: %s", strerror(errno)); return 0; - } - else if(len < encrypted_packet_get_minimum_length(encrypted_packet)) { + } else if(len < encrypted_packet_get_minimum_length(encrypted_packet)) { log_printf(WARNING, "received packet is too short"); return 0; } encrypted_packet_set_length(encrypted_packet, len); + if(encrypted_packet_get_mux(encrypted_packet) != opt->mux_) { + log_printf(WARNING, "wrong mux value, discarding packet"); + return 0; + } + #ifndef NO_CRYPT if(!auth_algo_check_tag(aa, kd, kd_inbound, encrypted_packet)) { log_printf(WARNING, "wrong authentication tag, discarding packet"); @@ -167,17 +171,11 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl } #endif - if(encrypted_packet_get_mux(encrypted_packet) != opt->mux_) { - log_printf(WARNING, "wrong mux value, discarding packet"); - return 0; - } - int result = seq_win_check_and_add(seq_win, encrypted_packet_get_sender_id(encrypted_packet), encrypted_packet_get_seq_nr(encrypted_packet)); if(result > 0) { log_printf(WARNING, "detected replay attack, discarding packet"); return 0; - } - else if(result < 0) { + } else if(result < 0) { log_printf(ERROR, "memory error at sequence window"); return -2; } |