
Commit 0b19548

committed
Make authkey parsing more robust
1 parent ed82c9e commit 0b19548


2 files changed

+37
-23
lines changed


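--- a/cmd/wush/receive.go
+++ b/cmd/wush/receive.go
@@ -25,8 +25,9 @@ import (
 func receiveCmd() *serpent.Command {
 var overlayType string
 return &serpent.Command{
-Use: "receive",
-Long: "Runs the wush server. Allows other wush CLIs to connect to this computer.",
+Use: "receive",
+Aliases: []string{"host"},
+Long: "Runs the wush server. Allows other wush CLIs to connect to this computer.",
 Handler: func(inv *serpent.Invocation) error {
 ctx := inv.Context()
 logger := slog.New(slog.NewTextHandler(io.Discard, nil))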

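--- a/overlay/auth.go
+++ b/overlay/auth.go
@@ -54,37 +54,50 @@ func (ca *ClientAuth) AuthKey() string {
 }
 
 func (ca *ClientAuth) Parse(authKey string) error {
-dec := cursor{
-b: base58.Decode(authKey),
-}
-
 if len(authKey) == 0 {
 return errors.New("auth key should not be empty")
 }
 
-ipLen := int(dec.next(1)[0])
+decr := bytes.NewReader(base58.Decode(authKey))
+
+ipLenB, err := decr.ReadByte()
+if err != nil {
+return errors.New("read STUN ip len; invalid authkey")
+}
+
+ipLen := int(ipLenB)
 if ipLen > 0 {
-stunIPBytes := dec.next(ipLen + 2)
-err := ca.ReceiverStunAddr.UnmarshalBinary(stunIPBytes)
+stunIPBytes := make([]byte, ipLen+2)
+n, err := decr.Read(stunIPBytes)
+if n != len(stunIPBytes) || err != nil {
+return errors.New("read STUN ip; invalid authkey")
+}
+
+err = ca.ReceiverStunAddr.UnmarshalBinary(stunIPBytes)
 if err != nil {
 return fmt.Errorf("unmarshal receiver stun address: %w", err)
 }
 }
 
-ca.ReceiverDERPRegionID = binary.BigEndian.Uint16(dec.next(2))
-
-ca.ReceiverPublicKey = key.NodePublicFromRaw32(mem.B(dec.next(32)))
-ca.OverlayPrivateKey = key.NodePrivateFromRaw32(mem.B(dec.next(32)))
-return nil
-}
+derpRegionBytes := make([]byte, 2)
+n, err := decr.Read(derpRegionBytes)
+if n != len(derpRegionBytes) || err != nil {
+return errors.New("read derp region; invalid authkey")
+}
+ca.ReceiverDERPRegionID = binary.BigEndian.Uint16(derpRegionBytes)
 
-type cursor struct {
-at int
-b []byte
-}
+pubKeyBytes := make([]byte, 32)
+n, err = decr.Read(pubKeyBytes)
+if n != len(pubKeyBytes) || err != nil {
+return errors.New("read receiver pubkey; invalid authkey")
+}
+ca.ReceiverPublicKey = key.NodePublicFromRaw32(mem.B(pubKeyBytes))
 
-func (c *cursor) next(i int) []byte {
-ret := c.b[c.at : c.at+i]
-c.at += i
-return ret
+privKeyBytes := make([]byte, 32)
+n, err = decr.Read(privKeyBytes)
+if n != len(privKeyBytes) || err != nil {
+return errors.New("read overlay privkey; invalid authkey")
+}
+ca.OverlayPrivateKey = key.NodePrivateFromRaw32(mem.B(privKeyBytes))
+return nil
 }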
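Review bot: Parse still writes into `ca` field by field, so an auth key that gets through the `if ipLen > 0` block but fails at the DERP region or either key read returns an error with `ca.ReceiverStunAddr` (and possibly `ca.ReceiverPublicKey`) already overwritten from the rejected input. Decoding into a scratch value and committing once avoids that mixed state: `tmp := *ca` after the empty check, fill `tmp` in place of `ca`, then `*ca = tmp` just before `return nil` (this assumes ClientAuth is safe to copy, which the page does not show). The reader is also never checked for leftover bytes, so a key with extra data appended still parses as valid; `if decr.Len() != 0 { return errors.New("trailing data; invalid authkey") }` before the final return would reject it. Since the key carries the overlay private key, a doc comment on Parse stating the expected byte layout and that any deviation is an error would help the next reader check these bounds.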
