projects
/
tinc
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Prevent possible buffer overflows when using very large (>= 8192 bit) RSA keys.
[tinc]
/
src
/
protocol_auth.c
diff --git
a/src/protocol_auth.c
b/src/protocol_auth.c
index
8d4b032
..
c44c6d0
100644
(file)
--- a/
src/protocol_auth.c
+++ b/
src/protocol_auth.c
@@
-118,7
+118,7
@@
bool id_h(connection_t *c)
bool send_metakey(connection_t *c)
{
bool send_metakey(connection_t *c)
{
- char
buffer[MAX_STRING_SIZE]
;
+ char
*buffer
;
int len;
bool x;
int len;
bool x;
@@
-128,6
+128,8
@@
bool send_metakey(connection_t *c)
/* Allocate buffers for the meta key */
/* Allocate buffers for the meta key */
+ buffer = alloca(2 * len + 1);
+
if(!c->outkey)
c->outkey = xmalloc(len);
if(!c->outkey)
c->outkey = xmalloc(len);
@@
-302,7
+304,7
@@
bool metakey_h(connection_t *c)
bool send_challenge(connection_t *c)
{
bool send_challenge(connection_t *c)
{
- char
buffer[MAX_STRING_SIZE]
;
+ char
*buffer
;
int len;
cp();
int len;
cp();
@@
-313,6
+315,8
@@
bool send_challenge(connection_t *c)
/* Allocate buffers for the challenge */
/* Allocate buffers for the challenge */
+ buffer = alloca(2 * len + 1);
+
if(!c->hischallenge)
c->hischallenge = xmalloc(len);
if(!c->hischallenge)
c->hischallenge = xmalloc(len);