X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ffsck.c;h=f10fe3c4d40ff8b677f36c599f74f04417a58736;hb=7ab400aebdc38e7ee5dafc0a2291bbbea25e3f7c;hp=e19f03ffa243223ecad15cbdd629f94f70d988d0;hpb=1c475ecb575367a6b3f9328b0f643ad636155341;p=tinc

diff --git a/src/fsck.c b/src/fsck.c
index e19f03ff..f10fe3c4 100644
--- a/src/fsck.c
+++ b/src/fsck.c
@@ -1,6 +1,6 @@
 /*
     fsck.c -- Check the configuration files for problems
-    Copyright (C) 2014 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2014-2021 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -234,6 +234,7 @@ int fsck(const char *argv0) {
 			// Something is seriously wrong here. If we can access the directory with tinc.conf in it, we should certainly be able to stat() an existing file.
 			fprintf(stderr, "ERROR: cannot read %s: %s\n", fname, strerror(errno));
 			fprintf(stderr, "Please correct this error.\n");
+			free(name);
 			return 1;
 		}
 	} else {
@@ -241,6 +242,7 @@ int fsck(const char *argv0) {
 
 		if(!f) {
 			fprintf(stderr, "ERROR: could not open %s: %s\n", fname, strerror(errno));
+			free(name);
 			return 1;
 		}
 
@@ -251,10 +253,11 @@ int fsck(const char *argv0) {
 			fprintf(stderr, "ERROR: No key or unusable key found in %s.\n", fname);
 			fprintf(stderr, "You can generate a new RSA key with:\n\n");
 			print_tinc_cmd(argv0, "generate-rsa-keys");
+			free(name);
 			return 1;
 		}
 
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+#ifndef HAVE_MINGW
 
 		if(st.st_mode & 077) {
 			fprintf(stderr, "WARNING: unsafe file permissions on %s.\n", fname);
@@ -283,6 +286,7 @@ int fsck(const char *argv0) {
 			// Something is seriously wrong here. If we can access the directory with tinc.conf in it, we should certainly be able to stat() an existing file.
 			fprintf(stderr, "ERROR: cannot read %s: %s\n", fname, strerror(errno));
 			fprintf(stderr, "Please correct this error.\n");
+			free(name);
 			return 1;
 		}
 	} else {
@@ -290,6 +294,7 @@ int fsck(const char *argv0) {
 
 		if(!f) {
 			fprintf(stderr, "ERROR: could not open %s: %s\n", fname, strerror(errno));
+			free(name);
 			return 1;
 		}
 
@@ -300,10 +305,11 @@ int fsck(const char *argv0) {
 			fprintf(stderr, "ERROR: No key or unusable key found in %s.\n", fname);
 			fprintf(stderr, "You can generate a new Ed25519 key with:\n\n");
 			print_tinc_cmd(argv0, "generate-ed25519-keys");
+			free(name);
 			return 1;
 		}
 
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+#ifndef HAVE_MINGW
 
 		if(st.st_mode & 077) {
 			fprintf(stderr, "WARNING: unsafe file permissions on %s.\n", fname);
@@ -333,6 +339,7 @@ int fsck(const char *argv0) {
 #endif
 		fprintf(stderr, "You can generate new keys with:\n\n");
 		print_tinc_cmd(argv0, "generate-keys");
+		free(name);
 		return 1;
 	}
 
@@ -341,6 +348,8 @@ int fsck(const char *argv0) {
 
 	snprintf(fname, sizeof(fname), "%s/hosts/%s", confbase, name);
 
+	free(name);
+
 	if(access(fname, R_OK)) {
 		fprintf(stderr, "WARNING: cannot read %s\n", fname);
 	}
@@ -382,33 +391,58 @@ int fsck(const char *argv0) {
 
 			if(len != rsa_size(rsa_pub)) {
 				fprintf(stderr, "ERROR: public and private RSA keys do not match.\n");
+				rsa_free(rsa_pub);
+				rsa_free(rsa_priv);
+				free(ecdsa_priv);
 				return 1;
 			}
 
-			char buf1[len], buf2[len], buf3[len];
-			randomize(buf1, sizeof(buf1));
-			buf1[0] &= 0x7f;
-			memset(buf2, 0, sizeof(buf2));
-			memset(buf3, 0, sizeof(buf2));
+			char *buf1 = malloc(len);
+			char *buf2 = malloc(len);
+			char *buf3 = malloc(len);
 
-			if(!rsa_public_encrypt(rsa_pub, buf1, sizeof(buf1), buf2)) {
+			randomize(buf1, len);
+			buf1[0] &= 0x7f;
+			memset(buf2, 0, len);
+			memset(buf3, 0, len);
+			bool result = false;
+
+			if(rsa_public_encrypt(rsa_pub, buf1, len, buf2)) {
+				if(rsa_private_decrypt(rsa_priv, buf2, len, buf3)) {
+					if(memcmp(buf1, buf3, len)) {
+						result = true;
+					} else {
+						fprintf(stderr, "ERROR: public and private RSA keys do not match.\n");
+					}
+				} else {
+					fprintf(stderr, "ERROR: private RSA key does not work.\n");
+				}
+			} else {
 				fprintf(stderr, "ERROR: public RSA key does not work.\n");
-				return 1;
 			}
 
-			if(!rsa_private_decrypt(rsa_priv, buf2, sizeof(buf2), buf3)) {
-				fprintf(stderr, "ERROR: private RSA key does not work.\n");
-				return 1;
-			}
 
-			if(memcmp(buf1, buf3, sizeof(buf1))) {
-				fprintf(stderr, "ERROR: public and private RSA keys do not match.\n");
+			rsa_free(rsa_pub);
+			rsa_pub = NULL;
+
+			free(buf3);
+			free(buf2);
+			free(buf1);
+
+			if(!result) {
+				rsa_free(rsa_priv);
+				free(ecdsa_priv);
 				return 1;
 			}
 		}
+
+		rsa_free(rsa_priv);
+		rsa_priv = NULL;
 	} else {
 		if(rsa_pub) {
 			fprintf(stderr, "WARNING: A public RSA key was found but no private key is known.\n");
+			rsa_free(rsa_pub);
+			rsa_pub = NULL;
 		}
 	}
 
@@ -452,16 +486,21 @@ int fsck(const char *argv0) {
 			// TODO: suggest remedies
 			char *key1 = ecdsa_get_base64_public_key(ecdsa_pub);
 
+			free(ecdsa_pub);
+			ecdsa_pub = NULL;
+
 			if(!key1) {
 				fprintf(stderr, "ERROR: public Ed25519 key does not work.\n");
+				free(ecdsa_priv);
 				return 1;
 			}
 
 			char *key2 = ecdsa_get_base64_public_key(ecdsa_priv);
 
 			if(!key2) {
-				free(key1);
 				fprintf(stderr, "ERROR: private Ed25519 key does not work.\n");
+				free(ecdsa_priv);
+				free(key1);
 				return 1;
 			}
 
@@ -471,12 +510,18 @@ int fsck(const char *argv0) {
 
 			if(result) {
 				fprintf(stderr, "ERROR: public and private Ed25519 keys do not match.\n");
+				free(ecdsa_priv);
 				return 1;
 			}
 		}
+
+		free(ecdsa_priv);
+		ecdsa_priv = NULL;
 	} else {
 		if(ecdsa_pub) {
 			fprintf(stderr, "WARNING: A public Ed25519 key was found but no private key is known.\n");
+			free(ecdsa_pub);
+			ecdsa_pub = NULL;
 		}
 	}