Prevent possible buffer overflows when using very large (>= 8192 bit) RSA keys.

[tinc] / src / protocol_auth.c

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 214d4dd..c44c6d0 100644 (file)
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -1,7 +1,7 @@
 /*
     protocol_auth.c -- handle the meta-protocol, authentication
-    Copyright (C) 1999-2004 Ivo Timmermans <ivo@tinc-vpn.org>,
-                  2000-2004 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 1999-2005 Ivo Timmermans <ivo@tinc-vpn.org>,
+                  2000-2005 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -76,8 +76,11 @@ bool id_h(connection_t *c)
                                   c->name);
                        return false;
                }
-       } else
+       } else {
+               if(c->name)
+                       free(c->name);
                c->name = xstrdup(name);
+       }
 
        /* Check if version matches */
 
@@ -115,7 +118,7 @@ bool id_h(connection_t *c)
 
 bool send_metakey(connection_t *c)
 {
-       char buffer[MAX_STRING_SIZE];
+       char *buffer;
        int len;
        bool x;
 
@@ -125,6 +128,8 @@ bool send_metakey(connection_t *c)
 
        /* Allocate buffers for the meta key */
 
+       buffer = alloca(2 * len + 1);
+       
        if(!c->outkey)
                c->outkey = xmalloc(len);
 
@@ -299,7 +304,7 @@ bool metakey_h(connection_t *c)
 
 bool send_challenge(connection_t *c)
 {
-       char buffer[MAX_STRING_SIZE];
+       char *buffer;
        int len;
 
        cp();
@@ -310,6 +315,8 @@ bool send_challenge(connection_t *c)
 
        /* Allocate buffers for the challenge */
 
+       buffer = alloca(2 * len + 1);
+
        if(!c->hischallenge)
                c->hischallenge = xmalloc(len);