Check for an illegal length of passphrase in read_passphrase().
diff --git
a/src/encr.c
b/src/encr.c
index
899a46b
..
c34c1c9
100644
(file)
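--- a/src/encr.c
+++ b/src/encr.c
@@ -107,7 +107,12 @@ int read_passphrase(char *which, char **out)
  }
  fscanf(f, "%d ", &size);
- size >>= 2; /* nibbles->bits */
+ if(size < 1 || size > (1<<15))
+ {
+ syslog(LOG_ERR, "Illegal passphrase in %s; size would be %d", filename, size);
+ return -1;
+ }
+ size >>= 2; /* bits->nibbles */
  pp = xmalloc(size+2);
  fgets(pp, size+1, f);
  fclose(f);
@@ -300,15 +305,11 @@ void recalculate_encryption_keys(void)
  for(p = conn_list; p != NULL; p = p->next)
  {
  if(!p->public_key || !p->public_key->key)
+ /* We haven't received a key from this host (yet). */
  continue;
  ek = make_shared_key(p->public_key->key);
- if(!p->key)
- {
- p->key = xmalloc(sizeof(enc_key_t));
- p->key->key = NULL;
- }
- if(p->key->key)
- free(p->key->key);
+ free_key(p->key);
+ p->key = xmalloc(sizeof(enc_key_t));
  p->key->length = strlen(ek);
  p->key->expiry = p->public_key->expiry;
  p->key->key = xmalloc(strlen(ek) + 1);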
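Review bot: The new `return -1;` in read_passphrase() leaves `f` open, because `fclose(f)` is only reached after the `fgets()` a few lines further down, so every rejected passphrase file leaks a stream; add `fclose(f);` just before that `return -1;`. The range check also trusts `size` when `fscanf()` converted nothing, in which case the value compared (and later passed to `xmalloc(size+2)`) is whatever `size` held before. Folding the conversion result into the test closes that gap: `if(fscanf(f, "%d ", &size) != 1 || size < 1 || size > (1<<15))`. Whether `size` is initialised earlier cannot be seen here, since the function starts and ends outside the hunk.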