Incopatible protocol fix! Include message type code under MAC tag to prevent

[tripe] / peer.c

diff --git a/peer.c b/peer.c
index 9a2fc5918f66258eec3903f8d3b219184363a736..e9fd280ce665df81fe6e999093dbe8e67434a4be 100644 (file)
--- a/peer.c
+++ b/peer.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
 /* -*-c-*-
  *

- * $Id: peer.c,v 1.8 2003/05/16 12:09:03 mdw Exp $
+ * $Id: peer.c,v 1.9 2003/07/13 11:19:49 mdw Exp $

  *
  * Communication with the peer
  *
  *
  * Communication with the peer
  *


@@ -29,6 +29,10 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: peer.c,v $
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: peer.c,v $

+ * Revision 1.9  2003/07/13 11:19:49  mdw
+ * Incopatible protocol fix!  Include message type code under MAC tag to prevent
+ * cut-and-paste from key-exchange messages to general packet transport.
+ *

  * Revision 1.8  2003/05/16 12:09:03  mdw
  * Allow binding to a chosen address.
  *
  * Revision 1.8  2003/05/16 12:09:03  mdw
  * Allow binding to a chosen address.
  *


@@ -135,7 +139,7 @@ found:
        return;
       }
       buf_init(&bb, buf_o, sizeof(buf_o));
        return;
       }
       buf_init(&bb, buf_o, sizeof(buf_o));

-      if (ksl_decrypt(&p->ks, &b, &bb)) {
+      if (ksl_decrypt(&p->ks, MSG_PACKET, &b, &bb)) {

        p->st.n_reject++;
        a_warn("couldn't decrypt inbound packet from `%s'", p->name);
        return;
        p->st.n_reject++;
        a_warn("couldn't decrypt inbound packet from `%s'", p->name);
        return;


@@ -218,7 +222,7 @@ void p_tun(peer *p, buf *b)
   buf *bb = p_txstart(p, MSG_PACKET);
 
   TIMER;
   buf *bb = p_txstart(p, MSG_PACKET);
 
   TIMER;

-  if (ksl_encrypt(&p->ks, b, bb))
+  if (ksl_encrypt(&p->ks, MSG_PACKET, b, bb))

     kx_start(&p->kx);
   if (BOK(bb) && BLEN(bb)) {
     p->st.n_ipout++;
     kx_start(&p->kx);
   if (BOK(bb) && BLEN(bb)) {
     p->st.n_ipout++;