UFTP 5.0.1 - server crash when CLIENT_KEY arrives after lost REGISTER

Encrypted UDP based FTP with multicast

Brought to you by: dennisbush

UFTP 5.0.1 - server crash when CLIENT_KEY arrives after lost REGISTER

Forum: General Discussion

Creator: Vít Lapka

Created: 2023-10-19

Updated: 2023-11-09

Vít Lapka - 2023-10-19

Hello,
while testing with multiple clients and on a more congested network, we have run into crashes of UFTP server in Announce phase (with a closed group). This was caused by REGISTER packet from client being lost in the network, but CLIENT_KEY packet arriving. In that case the server attempted to decrypt CLIENT_KEY but had no encryption context allocated (normally done on receiving REGISTER), leading to the crash (a memory violation).

I have made a fix by adding a check in server_phase.c:handle_announce_phase() to reject encrypted packets from unregistered clients (see the attached patch). This seems to have resolved the crashing.

With regards
Vít Lapka

05_uftp-5.0.1_server_lost_REGISTER.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dennis Bush - 2023-11-09

Vit,

Thanks for catching this. I've just released version 5.0.2 to address this issue as well as some memory leaks recently uncovered.

Regards,
Dennis

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.