X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Finvitation.c;h=c008be2ac7a6c7d2cbbca62d1845b040716a723d;hb=0fe69908838248c28624beb540257892db6bdcbd;hp=e70a0ec8fe0c21ac811501c3dfe25189693ff879;hpb=b2701c7c54b11cda71461c5dbbc985476bf5b221;p=tinc

diff --git a/src/invitation.c b/src/invitation.c
index e70a0ec8..c008be2a 100644
--- a/src/invitation.c
+++ b/src/invitation.c
@@ -1,6 +1,6 @@
 /*
     invitation.c -- Create and accept invitations
-    Copyright (C) 2013-2017 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2013-2022 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -34,6 +34,7 @@
 #include "tincctl.h"
 #include "utils.h"
 #include "xalloc.h"
+#include "random.h"
 
 #include "ed25519/sha512.h"
 
@@ -97,7 +98,7 @@ static void scan_for_hostname(const char *filename, char **hostname, char **port
 	fclose(f);
 }
 
-char *get_my_hostname() {
+static char *get_my_hostname(void) {
 	char *hostname = NULL;
 	char *port = NULL;
 	char *hostport = NULL;
@@ -457,11 +458,13 @@ int cmd_invite(int argc, char *argv[]) {
 	randomize(cookie, 18);
 
 	// Create a filename that doesn't reveal the cookie itself
-	uint8_t buf[18 + strlen(fingerprint)];
+	const size_t buflen = 18 + strlen(fingerprint);
+	uint8_t *buf = alloca(buflen);
+
 	char cookiehash[64];
 	memcpy(buf, cookie, 18);
-	memcpy(buf + 18, fingerprint, sizeof(buf) - 18);
-	sha512(buf, sizeof(buf), cookiehash);
+	memcpy(buf + 18, fingerprint, buflen - 18);
+	sha512(buf, buflen, cookiehash);
 	b64encode_tinc_urlsafe(cookiehash, cookiehash, 18);
 
 	free(fingerprint);
@@ -545,15 +548,13 @@ int cmd_invite(int argc, char *argv[]) {
 }
 
 static int sock;
-static char cookie[18];
+static char cookie[18], hash[18];
 static sptps_t sptps;
 static char *data;
 static size_t datalen;
 static bool success = false;
 
-static char cookie[18], hash[18];
-
-static char *get_line(const char **data) {
+static char *get_line(char *line, size_t linelen, const char **data) {
 	if(!data || !*data) {
 		return NULL;
 	}
@@ -563,11 +564,10 @@ static char *get_line(const char **data) {
 		return NULL;
 	}
 
-	static char line[1024];
 	const char *end = strchr(*data, '\n');
 	size_t len = end ? (size_t)(end - *data) : strlen(*data);
 
-	if(len >= sizeof(line)) {
+	if(len >= linelen) {
 		fprintf(stderr, "Maximum line length exceeded!\n");
 		return NULL;
 	}
@@ -589,7 +589,9 @@ static char *get_line(const char **data) {
 }
 
 static char *get_value(const char *data, const char *var) {
-	char *line = get_line(&data);
+	static char buf[1024];
+
+	char *line = get_line(buf, sizeof(buf), &data);
 
 	if(!line) {
 		return NULL;
@@ -656,18 +658,13 @@ static char *grep(const char *data, const char *var) {
 }
 
 static bool finalize_join(void) {
-	const char *temp_name = get_value(data, "Name");
+	const char *name = get_value(data, "Name");
 
-	if(!temp_name) {
+	if(!name) {
 		fprintf(stderr, "No Name found in invitation!\n");
 		return false;
 	}
 
-	size_t len = strlen(temp_name);
-	char name[len + 1];
-	memcpy(name, temp_name, len);
-	name[len] = 0;
-
 	if(!check_id(name)) {
 		fprintf(stderr, "Invalid Name found in invitation!\n");
 		return false;
@@ -709,7 +706,7 @@ make_names:
 
 		// Generate a random netname, ask for a better one later.
 		ask_netname = true;
-		snprintf(temp_netname, sizeof(temp_netname), "join_%x", rand());
+		snprintf(temp_netname, sizeof(temp_netname), "join_%x", prng(UINT32_MAX));
 		netname = temp_netname;
 		goto make_names;
 	}
@@ -774,7 +771,9 @@ make_names:
 	const char *p = data;
 	char *l, *value;
 
-	while((l = get_line(&p))) {
+	static char line[1024];
+
+	while((l = get_line(line, sizeof(line), &p))) {
 		// Ignore comments
 		if(*l == '#') {
 			continue;
@@ -881,7 +880,7 @@ make_names:
 			return false;
 		}
 
-		while((l = get_line(&p))) {
+		while((l = get_line(line, sizeof(line), &p))) {
 			if(!strcmp(l, "#---------------------------------------------------------------#")) {
 				continue;
 			}
@@ -998,7 +997,7 @@ ask_netname:
 	char filename2[PATH_MAX];
 	snprintf(filename, sizeof(filename), "%s" SLASH "tinc-up.invitation", confbase);
 
-#ifdef HAVE_MINGW
+#ifdef HAVE_WINDOWS
 	snprintf(filename2, sizeof(filename2), "%s" SLASH "tinc-up.bat", confbase);
 #else
 	snprintf(filename2, sizeof(filename2), "%s" SLASH "tinc-up", confbase);
@@ -1030,7 +1029,7 @@ ask_netname:
 
 				if(response == 'e') {
 					char *command;
-#ifndef HAVE_MINGW
+#ifndef HAVE_WINDOWS
 					const char *editor = getenv("VISUAL");
 
 					if(!editor) {
@@ -1087,7 +1086,7 @@ ask_netname:
 static bool invitation_send(void *handle, uint8_t type, const void *vdata, size_t len) {
 	(void)handle;
 	(void)type;
-	const uint8_t *data = vdata;
+	const char *data = vdata;
 
 	while(len) {
 		ssize_t result = send(sock, data, len, 0);
@@ -1227,7 +1226,8 @@ int cmd_join(int argc, char *argv[]) {
 	}
 
 	if(!port || !*port) {
-		port = "655";
+		static char default_port[] = "655";
+		port = default_port;
 	}
 
 	if(!b64decode_tinc(slash, hash, 24) || !b64decode_tinc(slash + 24, cookie, 24)) {
@@ -1359,7 +1359,7 @@ next:
 				continue;
 			}
 
-#if HAVE_MINGW
+#if HAVE_WINDOWS
 
 			// If socket has been shut down, recv() on Windows returns -1 and sets sockerrno
 			// to WSAESHUTDOWN, while on UNIX-like operating systems recv() returns 0, so we