milkway: validate the checksum

1 files changed, 17 insertions, 7 deletions

diff --git a/milkway/mw-crypt.c b/milkway/mw-crypt.c
index d1e6f86..33b3202 100644
--- a/milkway/mw-crypt.c
+++ b/milkway/mw-crypt.c
@@ -119,11 +119,13 @@ mw_decrypt(const char *in, size_t inlen,
 	   char *out, size_t outlen)
 {
     const char *s = in;
-    const char *checksum;
     const char *magic;
+    char *dst = out;
     unsigned char lsb_size;
     char mode;
     size_t encoded_size;
+    mw_checksum_t *checksum;
+    char digest[16];
 
     if (inlen < MW_CRYPTO_HEADER_SIZE)
 	return MW_TOO_SMALL;
@@ -133,7 +135,7 @@ mw_decrypt(const char *in, size_t inlen,
 	return MW_INVALID;
     s += 16;
 
-    checksum = s;
+    /* checksum */
     s += 16;
 
     lsb_size = s[0];
@@ -165,20 +167,28 @@ mw_decrypt(const char *in, size_t inlen,
 	while (s < in + MW_CRYPTO_HEADER_SIZE + encoded_size) {
 	    if (s + 8 < in + inlen) {
 		BlowfishEcbDecrypt(&ctx, (const unsigned char*)s,
-				   (unsigned char*)out);
+				   (unsigned char*)dst);
 		s += 8;
-		out += 8;
+		dst += 8;
 	    } else {
 		size_t left = in + inlen - s;
 
-		memcpy(out, s, left);
+		memcpy(dst, s, left);
 		s += left;
-		out += left;
+		dst += left;
 	    }
 	}
     } else {
 	mw_base32_decode(s, encoded_size, out, &outlen);
+	dst += mw_base32_decode_length(encoded_size);
     }
 
-    return encoded_size;
+    checksum = mw_checksum_new(MW_CHECKSUM_MD5);
+    mw_checksum_update(checksum, out, dst - out);
+    mw_checksum_get_digest(checksum, digest, 16);
+    mw_checksum_destroy(checksum);
+
+    if (memcmp(digest, in + 16, 16))
+	return MW_INVALID;
+    return dst - out;
 }