network/command: verify payload checksum

The code was only checking for whole packet checksum. Now it is also checked whether the decrypted payload checksum matches.
manio · Aug 31, 2023 · 9280503 · 9280503
1 parent e31b4a3
commit 9280503
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/src/network/command.rs b/src/network/command.rs
@@ -136,7 +136,7 @@ impl CommandMessage {
         bytes[0x21] = 0;
 
         // Ensure that the checksums match
-        let real_checksum = checksum(&bytes);
+        let mut real_checksum = checksum(&bytes);
         if command_header.checksum != real_checksum {
             return Err(format!(
                 "Command checksum does not match actual checksum! Expected {} got {}",
@@ -152,6 +152,16 @@ impl CommandMessage {
         let decrypted = cipher.decrypt_vec(&bytes[0x38..])
             .expect("Could not decrypt command payload!");
 
+        // Ensure that the payload checksums match
+        real_checksum = checksum(&decrypted);
+        if command_header.payload_checksum != real_checksum {
+            return Err(format!(
+                "Payload checksum does not match actual checksum! Expected {} got {}",
+                real_checksum,
+                command_header.payload_checksum,
+            ));
+        }
+
         return Ok(decrypted);
     }
 }