X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fsptps.c;h=68695754900c59834017dfd4a551e9b80f471c84;hb=a518f82af79036527cb8d1a592a6778ec1657e9c;hp=5d0d456297367b687aca430c02b72f91c6d71e66;hpb=214060ef20499332b0369030b664a8e239518661;p=tinc

diff --git a/src/sptps.c b/src/sptps.c
index 5d0d4562..68695754 100644
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -319,6 +319,7 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) {
 	char shared[ECDH_SHARED_SIZE];
 	if(!ecdh_compute_shared(s->ecdh, s->hiskex + 1 + 32, shared))
 		return false;
+	s->ecdh = NULL;
 
 	// Generate key material from shared secret.
 	if(!generate_key_material(s, shared, sizeof shared))
@@ -399,7 +400,7 @@ static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) {
 			return true;
 		// TODO: split ACK into a VERify and ACK?
 		default:
-			return error(s, EIO, "Invalid session state");
+			return error(s, EIO, "Invalid session state %d", s->state);
 	}
 }
 
@@ -511,7 +512,7 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
 		if(!receive_handshake(s, buffer + 7, len - 21))
 			return false;
 	} else {
-		return error(s, EIO, "Invalid record type");
+		return error(s, EIO, "Invalid record type %d", type);
 	}
 
 	return true;
@@ -519,6 +520,9 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
 
 // Receive incoming data. Check if it contains a complete record, if so, handle it.
 bool sptps_receive_data(sptps_t *s, const char *data, size_t len) {
+	if(!s->state)
+		return error(s, EIO, "Invalid session state zero");
+
 	if(s->datagram)
 		return sptps_receive_data_datagram(s, data, len);
 
@@ -601,7 +605,7 @@ bool sptps_receive_data(sptps_t *s, const char *data, size_t len) {
 			if(!receive_handshake(s, s->inbuf + 7, s->reclen))
 				return false;
 		} else {
-			return error(s, EIO, "Invalid record type");
+			return error(s, EIO, "Invalid record type %d", type);
 		}
 
 		s->buflen = 4;