X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=1f0246c0aa8234cf7a454e2842d12e799143644c;hb=9cbd3c2b5b03c29c116a14f196db8a32c7135391;hp=e42ec2cc81ccebb72709dac737856c5bdb64cfb8;hpb=ab5f4cbdc65cbc55062b36a6c11482c217884fe8;p=tinc

diff --git a/src/tincctl.c b/src/tincctl.c
index e42ec2cc..1f0246c0 100644
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -446,11 +446,13 @@ static bool rsa_keygen(int bits, bool ask) {
 	// Make sure the key size is a multiple of 8 bits.
 	bits &= ~0x7;
 
-	// Force them to be between 1024 and 8192 bits long.
-	if(bits < 1024)
-		bits = 1024;
-	if(bits > 8192)
-		bits = 8192;
+	// Make sure that a valid key size is used.
+	if(bits < 1024 || bits > 8192) {
+		fprintf(stderr, "Invalid key size %d specified! It should be between 1024 and 8192 bits.\n", bits);
+		return false;
+	} else if(bits < 2048) {
+		fprintf(stderr, "WARNING: generating a weak %d bits RSA key! 2048 or more bits are recommended.\n", bits);
+	}
 
 	fprintf(stderr, "Generating %d bits keys:\n", bits);
 
@@ -560,6 +562,7 @@ bool sendline(int fd, char *format, ...) {
 
 	va_start(ap, format);
 	blen = vsnprintf(buffer, sizeof buffer, format, ap);
+	buffer[sizeof buffer - 1] = 0;
 	va_end(ap);
 
 	if(blen < 1 || blen >= sizeof buffer)
@@ -718,6 +721,13 @@ bool connect_tincd(bool verbose) {
 	}
 
 	fclose(f);
+	if ((pid == 0) || (kill(pid, 0) && (errno == ESRCH))) {
+		fprintf(stderr, "Could not find tincd running at pid %d\n", pid);
+		/* clean up the stale socket and pid file */
+		unlink(pidfilename);
+		unlink(unixsocketname);
+		return false;
+	}
 
 #ifndef HAVE_MINGW
 	struct sockaddr_un sa;
@@ -878,7 +888,7 @@ static int cmd_start(int argc, char *argv[]) {
 
 	if(!pid) {
 		close(pfd[0]);
-		char buf[100] = "";
+		char buf[100];
 		snprintf(buf, sizeof buf, "%d", pfd[1]);
 		setenv("TINC_UMBILICAL", buf, true);
 		exit(execvp(c, nargv));
@@ -1384,7 +1394,7 @@ static int cmd_pid(int argc, char *argv[]) {
 		return 1;
 	}
 
-	if(!connect_tincd(true) && !pid)
+	if(!connect_tincd(true) || !pid)
 		return 1;
 
 	printf("%d\n", pid);
@@ -2513,6 +2523,7 @@ static int cmd_verify(int argc, char *argv[]) {
 	char *newline = memchr(data, '\n', len);
 	if(!newline || (newline - data > MAX_STRING_SIZE - 1)) {
 		fprintf(stderr, "Invalid input\n");
+		free(data);
 		return 1;
 	}
 
@@ -2525,11 +2536,13 @@ static int cmd_verify(int argc, char *argv[]) {
 
 	if(sscanf(data, "Signature = %s %ld %s", signer, &t, sig) != 3 || strlen(sig) != 86 || !t || !check_id(signer)) {
 		fprintf(stderr, "Invalid input\n");
+		free(data);
 		return 1;
 	}
 
 	if(node && strcmp(node, signer)) {
 		fprintf(stderr, "Signature is not made by %s\n", node);
+		free(data);
 		return 1;
 	}
 
@@ -2823,8 +2836,10 @@ static int cmd_shell(int argc, char *argv[]) {
 		if(nargc == argc)
 			continue;
 
-		if(!strcasecmp(nargv[argc], "exit") || !strcasecmp(nargv[argc], "quit"))
+		if(!strcasecmp(nargv[argc], "exit") || !strcasecmp(nargv[argc], "quit")) {
+			free(nargv);
 			return result;
+		}
 
 		bool found = false;