Added token padding bounds check and error response

2026-03-21 18:04:11 -05:00 · 2023-06-12 16:26:03 -04:00 · 2023-06-12 16:26:03 -04:00 · 4a98796b05
commit 4a98796b05
parent 520c3a4f3a
2 changed files with 29 additions and 22 deletions
--- a/nex/account-management/nintendo_create_account.go
+++ b/nex/account-management/nintendo_create_account.go
@ -20,6 +20,8 @@ func NintendoCreateAccount(err error, client *nex.Client, callID uint32, strPrin
 		globals.Logger.Critical(err.Error())
 	}

+	rmcResponse := nex.NewRMCResponse(account_management.ProtocolID, callID)
+
 	var tokenBase64 string

 	oAuthDataType := oAuthData.TypeName()
@ -41,30 +43,29 @@ func NintendoCreateAccount(err error, client *nex.Client, callID uint32, strPrin

 	decryptedToken, err := utility.DecryptToken(encryptedToken)
 	if err != nil {
-		// TODO: Handle error
-		globals.Logger.Critical(err.Error())
+		globals.Logger.Error(err.Error())
+		rmcResponse.SetError(nex.Errors.Authentication.TokenParseError)
+	} else {
+		pid := decryptedToken.UserPID
+
+		pidByteArray := make([]byte, 4)
+		binary.LittleEndian.PutUint32(pidByteArray, pid)
+
+		mac := hmac.New(md5.New, []byte(strKey))
+		mac.Write(pidByteArray)
+
+		pidHmac := hex.EncodeToString(mac.Sum(nil))
+
+		rmcResponseStream := nex.NewStreamOut(globals.NEXServer)
+
+		rmcResponseStream.WriteUInt32LE(pid)
+		rmcResponseStream.WriteString(pidHmac)
+
+		rmcResponseBody := rmcResponseStream.Bytes()
+
+		rmcResponse.SetSuccess(account_management.MethodNintendoCreateAccount, rmcResponseBody)
 	}

-	pid := decryptedToken.UserPID
-
-	pidByteArray := make([]byte, 4)
-	binary.LittleEndian.PutUint32(pidByteArray, pid)
-
-	mac := hmac.New(md5.New, []byte(strKey))
-	mac.Write(pidByteArray)
-
-	pidHmac := hex.EncodeToString(mac.Sum(nil))
-
-	rmcResponseStream := nex.NewStreamOut(globals.NEXServer)
-
-	rmcResponseStream.WriteUInt32LE(pid)
-	rmcResponseStream.WriteString(pidHmac)
-
-	rmcResponseBody := rmcResponseStream.Bytes()
-
-	rmcResponse := nex.NewRMCResponse(account_management.ProtocolID, callID)
-	rmcResponse.SetSuccess(account_management.MethodNintendoCreateAccount, rmcResponseBody)
-
 	rmcResponseBytes := rmcResponse.Bytes()

 	responsePacket, _ := nex.NewPacketV0(client, nil)
--- a/utility/crypto.go
+++ b/utility/crypto.go
@ -6,6 +6,7 @@ import (
 	"crypto/cipher"
 	"encoding/binary"
 	"errors"
+	"fmt"
 	"hash/crc32"

 	"github.com/PretendoNetwork/friends-secure/globals"
@ -28,6 +29,11 @@ func DecryptToken(encryptedToken []byte) (*types.NEXToken, error) {
 	mode.CryptBlocks(decrypted, encryptedBody)

 	paddingSize := int(decrypted[len(decrypted)-1])
+
+	if paddingSize < 0 || paddingSize >= len(decrypted) {
+		return nil, fmt.Errorf("Invalid padding size %d for token %x", paddingSize, encryptedToken)
+	}
+
 	decrypted = decrypted[:len(decrypted)-paddingSize]

 	table := crc32.MakeTable(crc32.IEEE)