Skip to content

UDP obfuscation applied when crypt layer is disabled — IsCryptLayerEnabled() guard missing

Summary

CClientUDPSocket::SendPacket() and SendControlData() both evaluated bEncrypt without first checking thePrefs.IsCryptLayerEnabled(). When the user disabled the crypt layer via Preferences, UDP packets could still be flagged for encryption, causing:

  • Sending obfuscated UDP packets to peers that expect plain traffic
  • Potential interoperability failures with non-encrypting peers
  • User-visible bug: disabling "Encryption" in Preferences had no effect on UDP path

This was a logic error: the TCP send path correctly checks IsCryptLayerEnabled() before setting the encrypt flag, but the UDP path was missing the corresponding guard.

Location

srchybrid/ClientUDPSocket.cpp — two sites:

SendPacket() (packet enqueue path):

// Before — no guard:
newpending->bEncrypt = bEncrypt
    && (pachTargetClientHashORKadID != NULL || (bKad && nReceiverVerifyKey != 0));

// After — IsCryptLayerEnabled() guard:
newpending->bEncrypt = thePrefs.IsCryptLayerEnabled()
    && bEncrypt
    && (pachTargetClientHashORKadID != NULL || (bKad && nReceiverVerifyKey != 0));

SendControlData() (packet dequeue + send path):

// Before — no guard:
int iLen = cur_packet->bEncrypt && (theApp.GetPublicIP() > 0 || cur_packet->bKad)
    ? EncryptOverheadSize(cur_packet->bKad) : 0;

// After — IsCryptLayerEnabled() guard:
int iLen = cur_packet->bEncrypt && thePrefs.IsCryptLayerEnabled()
    && (theApp.GetPublicIP() > 0 || cur_packet->bKad)
    ? EncryptOverheadSize(cur_packet->bKad) : 0;

Fix

Applied in eMule-main commit 06eaefe Guard UDP obfuscation when crypt layer is disabled (2026-04-09). One-line change per site.

Files changed: srchybrid/ClientUDPSocket.cpp — 4 insertions, 2 deletions

Relationship to BUG-005

BUG-005 (Kad buddy connections broken when RequireCrypt is enabled) is a distinct problem: RequireCrypt rejects peers that cannot negotiate encryption. This bug (BUG-016) is the inverse: the crypt layer being disabled did not prevent encryption from being applied.

Verification

  • Community-0.72 (irwir) did NOT have this fix as of commit 24d1de7 (Jan 2026) — their ClientUDPSocket.cpp still lacked the IsCryptLayerEnabled() check.
  • eMuleAI does not appear to have this fix in its version.
  • Fix is unique to this development branch.