From 0be1878d384540d2e6fe4686357f79a91b1c0ac3 Mon Sep 17 00:00:00 2001
From: Mark Puha
Date: Mon, 11 Sep 2023 07:28:53 +0200
Subject: [PATCH] add boundary checks before junk prepend&send

Signed-off-by: Mark Puha
---
 device/send.go | 24 ++++++++++++++++--------
 device/uapi.go | 9 +++++++++
 2 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/device/send.go b/device/send.go
index 8691f76..15d0a14 100644
--- a/device/send.go
+++ b/device/send.go
@@ -133,14 +133,16 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
 peer.device.log.Errorf("%v - %v", peer, err)
 return err
 }
- buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize)
- writer := bytes.NewBuffer(buf[:0])
- err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
- if err != nil {
- peer.device.log.Errorf("%v - %v", peer, err)
- return err
+ if peer.device.aSecCfg.initPacketJunkSize != 0 {
+ buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize)
+ writer := bytes.NewBuffer(buf[:0])
+ err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
+ if err != nil {
+ peer.device.log.Errorf("%v - %v", peer, err)
+ return err
+ }
+ junkedHeader = writer.Bytes()
 }
- junkedHeader = writer.Bytes()
 }
 var buf [MessageInitiationSize]byte
 writer := bytes.NewBuffer(buf[:0])
@@ -182,7 +184,9 @@ func (peer *Peer) SendHandshakeResponse() error {
 return err
 }
 var junkedHeader []byte
- if peer.device.isAdvancedSecurityOn() {
+ if peer.device.isAdvancedSecurityOn() &&
+ peer.device.aSecCfg.responsePacketJunkSize != 0 {
+
 buf := make([]byte, 0, peer.device.aSecCfg.responsePacketJunkSize)
 writer := bytes.NewBuffer(buf[:0])
 err = appendJunk(writer, peer.device.aSecCfg.responsePacketJunkSize)
@@ -471,6 +475,10 @@ top:
 }

 func (peer *Peer) sendJunkPackets() error {
+ if peer.device.aSecCfg.junkPacketCount == 0 {
+ return nil
+ }
+
 junks := make([][]byte, 0, peer.device.aSecCfg.junkPacketCount)
 for i := 0; i < peer.device.aSecCfg.junkPacketCount; i++ {
 packetSize := rand.Intn(
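Review bot: The new guard in SendHandshakeInitiation tests `initPacketJunkSize != 0`, so a negative size would still reach `make([]byte, 0, ...)` and panic at run time. uapi.go parses these settings with `strconv.Atoi`, which accepts a minus sign, and the range checks after it are outside the visible hunks, so this matters only if they do not reject negatives. Comparing with `> 0` closes the gap here either way; the same holds for `responsePacketJunkSize != 0` in SendHandshakeResponse and for `junkPacketCount == 0` in sendJunkPackets, which could be `<= 0`. The field is also read three times; reading it once, `size := peer.device.aSecCfg.initPacketJunkSize`, keeps the check and the allocation on one value if the UAPI handler can change it concurrently (no locking is visible here). The enclosing `if` block opens above the hunk.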
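Review bot: The guard in SendHandshakeResponse is written in a different shape from the one this commit adds to SendHandshakeInitiation: here the size test is folded into the outer condition across two lines and followed by an empty line at the top of the block, there it is a nested `if`. Using one form in both functions makes it easier to confirm that the two handshake paths skip the junk prefix under the same rule. A one-line comment above the condition would record the intent, for example `// s2 == 0: send the response without a junk prefix`. The block's closing brace is outside the hunk.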
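Review bot: The early return in sendJunkPackets covers a zero count only, while the loop below it calls `rand.Intn(`, which in math/rand panics when its argument is not positive. The argument is cut off at the end of the hunk, so whether it can reach zero is not visible; if it is derived from the jmin and jmax settings, equal bounds would need handling here or rejection in the UAPI handler. A doc comment stating the contract would also help, for example `// A junkPacketCount of zero disables junk packets.`. The function body continues past the hunk.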
diff --git a/device/uapi.go b/device/uapi.go index acec80a..f6a0e5b 100644 --- a/device/uapi.go +++ b/device/uapi.go @@ -303,6 +303,7 @@ func (device *Device) handleDeviceLine(key, value string) error { } device.log.Verbosef("UAPI: Removing all peers") device.RemoveAllPeers() + case "jc": junkPacketCount, err := strconv.Atoi(value) if err != nil { @@ -319,6 +320,7 @@ func (device *Device) handleDeviceLine(key, value string) error { device.log.Verbosef("UAPI: Updating junk_packet_count") device.aSecCfg.isOn = true device.aSecCfg.junkPacketCount = junkPacketCount + case "jmin": junkPacketMinSize, err := strconv.Atoi(value) if err != nil { @@ -331,6 +333,7 @@ func (device *Device) handleDeviceLine(key, value string) error { device.log.Verbosef("UAPI: Updating junk_packet_min_size") device.aSecCfg.isOn = true device.aSecCfg.junkPacketMinSize = junkPacketMinSize + case "jmax": junkPacketMaxSize, err := strconv.Atoi(value) if err != nil { @@ -350,6 +353,7 @@ func (device *Device) handleDeviceLine(key, value string) error { device.log.Verbosef("UAPI: Updating junk_packet_max_size") device.aSecCfg.isOn = true device.aSecCfg.junkPacketMaxSize = junkPacketMaxSize + case "s1": initPacketJunkSize, err := strconv.Atoi(value) if err != nil { @@ -370,6 +374,7 @@ func (device *Device) handleDeviceLine(key, value string) error { device.log.Verbosef("UAPI: Updating init_packet_junk_size") device.aSecCfg.isOn = true device.aSecCfg.initPacketJunkSize = initPacketJunkSize + case "s2": responsePacketJunkSize, err := strconv.Atoi(value) if err != nil { @@ -391,6 +396,7 @@ func (device *Device) handleDeviceLine(key, value string) error { device.aSecCfg.isOn = true device.aSecCfg.responsePacketJunkSize = responsePacketJunkSize + case "h1": initPacketMagicHeader, err := strconv.ParseUint(value, 10, 32) if err != nil { 
@@ -403,6 +409,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
 device.log.Verbosef("UAPI: Updating init_packet_magic_header")
 device.aSecCfg.isOn = true
 device.aSecCfg.initPacketMagicHeader = uint32(initPacketMagicHeader)
+
 case "h2":
 responsePacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
 if err != nil {
@@ -417,6 +424,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
 device.aSecCfg.responsePacketMagicHeader = uint32(
 responsePacketMagicHeader,
 )
+
 case "h3":
 underloadPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
 if err != nil {
@@ -431,6 +439,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
 device.aSecCfg.underloadPacketMagicHeader = uint32(
 underloadPacketMagicHeader,
 )
+
 case "h4":
 transportPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
 if err != nil {