From fda74a8454a028c9ec063f0074062e19fd25f7e7 Mon Sep 17 00:00:00 2001
From: irungentoo <irungentoo@gmail.com>
Date: Fri, 20 Apr 2018 07:40:43 -0400
Subject: [PATCH] Restrict packet kinds that can be sent through onion path.

Taken from:
https://github.com/TokTok/c-toxcore/commit/6b97acb773622f9abca5ef305cd55bdef1ecc484
---
 auto_tests/onion_test.c | 18 +++++++++---------
 toxcore/onion.c         | 24 ++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/auto_tests/onion_test.c b/auto_tests/onion_test.c
index 5d59ab9b..632108f7 100644
--- a/auto_tests/onion_test.c
+++ b/auto_tests/onion_test.c
@@ -34,11 +34,11 @@ static int handle_test_1(void *object, IP_Port source, const uint8_t *packet, ui
 {
     Onion *onion = object;
 
-    if (memcmp(packet, "Install Gentoo", sizeof("Install Gentoo")) != 0)
+    if (memcmp(packet, "\x83 Install Gentoo", sizeof("\x83 Install Gentoo")) != 0)
         return 1;
 
-    if (send_onion_response(onion->net, source, (uint8_t *)"install gentoo", sizeof("install gentoo"),
-                            packet + sizeof("Install Gentoo")) == -1)
+    if (send_onion_response(onion->net, source, (uint8_t *)"\x84 install gentoo", sizeof("\x84 install gentoo"),
+                            packet + sizeof("\x83 Install Gentoo")) == -1)
         return 1;
 
     handled_test_1 = 1;
@@ -48,10 +48,10 @@ static int handle_test_1(void *object, IP_Port source, const uint8_t *packet, ui
 static int handled_test_2;
 static int handle_test_2(void *object, IP_Port source, const uint8_t *packet, uint16_t length)
 {
-    if (length != sizeof("install Gentoo"))
+    if (length != sizeof("\x84 install Gentoo"))
         return 1;
 
-    if (memcmp(packet, (uint8_t *)"install gentoo", sizeof("install gentoo")) != 0)
+    if (memcmp(packet, (uint8_t *)"\x84 install gentoo", sizeof("\x84 install gentoo")) != 0)
         return 1;
 
     handled_test_2 = 1;
@@ -134,7 +134,7 @@ START_TEST(test_basic)
     Onion *onion1 = new_onion(new_DHT(new_networking(ip, 34567)));
     Onion *onion2 = new_onion(new_DHT(new_networking(ip, 34568)));
     ck_assert_msg((onion1 != NULL) && (onion2 != NULL), "Onion failed initializing.");
-    networking_registerhandler(onion2->net, 'I', &handle_test_1, onion2);
+    networking_registerhandler(onion2->net, NET_PACKET_ANNOUNCE_REQUEST, &handle_test_1, onion2);
 
     IP_Port on1 = {ip, onion1->net->port};
     Node_format n1;
@@ -153,8 +153,8 @@ START_TEST(test_basic)
     nodes[3] = n2;
     Onion_Path path;
     create_onion_path(onion1->dht, &path, nodes);
-    int ret = send_onion_packet(onion1->net, &path, nodes[3].ip_port, (uint8_t *)"Install Gentoo",
-                                sizeof("Install Gentoo"));
+    int ret = send_onion_packet(onion1->net, &path, nodes[3].ip_port, (uint8_t *)"\x83 Install Gentoo",
+                                sizeof("\x83 Install Gentoo"));
     ck_assert_msg(ret == 0, "Failed to create/send onion packet.");
 
     handled_test_1 = 0;
@@ -164,7 +164,7 @@ START_TEST(test_basic)
         do_onion(onion2);
     }
 
-    networking_registerhandler(onion1->net, 'i', &handle_test_2, onion1);
+    networking_registerhandler(onion1->net, NET_PACKET_ANNOUNCE_RESPONSE, &handle_test_2, onion1);
     handled_test_2 = 0;
 
     while (handled_test_2 == 0) {
diff --git a/toxcore/onion.c b/toxcore/onion.c
index cec178b9..2bed5821 100644
--- a/toxcore/onion.c
+++ b/toxcore/onion.c
@@ -438,6 +438,15 @@ static int handle_send_2(void *object, IP_Port source, const uint8_t *packet, ui
     if (len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2 + crypto_box_MACBYTES))
         return 1;
 
+    if (len <= SIZE_IPPORT) {
+        return 1;
+    }
+
+    if (plain[SIZE_IPPORT] != NET_PACKET_ANNOUNCE_REQUEST &&
+            plain[SIZE_IPPORT] != NET_PACKET_ONION_DATA_REQUEST) {
+        return 1;
+    }
+
     IP_Port send_to;
 
     if (ipport_unpack(&send_to, plain, len, 0) == -1)
@@ -476,6 +485,11 @@ static int handle_recv_3(void *object, IP_Port source, const uint8_t *packet, ui
     if (length <= 1 + RETURN_3)
         return 1;
 
+    if (packet[1 + RETURN_3] != NET_PACKET_ANNOUNCE_RESPONSE &&
+            packet[1 + RETURN_3] != NET_PACKET_ONION_DATA_RESPONSE) {
+        return 1;
+    }
+
     change_symmetric_key(onion);
 
     uint8_t plain[SIZE_IPPORT + RETURN_2];
@@ -512,6 +526,11 @@ static int handle_recv_2(void *object, IP_Port source, const uint8_t *packet, ui
     if (length <= 1 + RETURN_2)
         return 1;
 
+    if (packet[1 + RETURN_2] != NET_PACKET_ANNOUNCE_RESPONSE &&
+            packet[1 + RETURN_2] != NET_PACKET_ONION_DATA_RESPONSE) {
+        return 1;
+    }
+
     change_symmetric_key(onion);
 
     uint8_t plain[SIZE_IPPORT + RETURN_1];
@@ -548,6 +567,11 @@ static int handle_recv_1(void *object, IP_Port source, const uint8_t *packet, ui
     if (length <= 1 + RETURN_1)
         return 1;
 
+    if (packet[1 + RETURN_1] != NET_PACKET_ANNOUNCE_RESPONSE &&
+            packet[1 + RETURN_1] != NET_PACKET_ONION_DATA_RESPONSE) {
+        return 1;
+    }
+
     change_symmetric_key(onion);
 
     uint8_t plain[SIZE_IPPORT];