projects / tinc / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Allow "none" for Cipher and Digest again.
[tinc] / src / protocol_key.c
diff --git a/src/protocol_key.c b/src/protocol_key.c
index af103c6..e41ec42 100644 (file)
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -158,11 +158,12 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
                                logger(DEBUG_ALWAYS, LOG_DEBUG, "Got REQ_KEY from %s while we already started a SPTPS session!", from->name);
 
                        char buf[MAX_STRING_SIZE];
-                       if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) {
+                       int len;
+
+                       if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1 || !(len = b64decode(buf, buf, strlen(buf)))) {
                                logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_SPTPS_START", from->name, from->hostname, "invalid SPTPS data");
                                return true;
                        }
-                       int len = b64decode(buf, buf, strlen(buf));
 
                        char label[25 + strlen(from->name) + strlen(myself->name)];
                        snprintf(label, sizeof label, "tinc UDP key expansion %s %s", from->name, myself->name);
@@ -182,11 +183,11 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
                        }
 
                        char buf[MAX_STRING_SIZE];
-                       if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) {
+                       int len;
+                       if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1 || !(len = b64decode(buf, buf, strlen(buf)))) {
                                logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_SPTPS", from->name, from->hostname, "invalid SPTPS data");
                                return true;
                        }
-                       int len = b64decode(buf, buf, strlen(buf));
                        sptps_receive_data(&from->sptps, buf, len);
                        return true;
                }
@@ -375,7 +376,7 @@ bool ans_key_h(connection_t *c, const char *request) {
                char buf[strlen(key)];
                int len = b64decode(key, buf, strlen(key));
 
-               if(!sptps_receive_data(&from->sptps, buf, len))
+               if(!len || !sptps_receive_data(&from->sptps, buf, len))
                        logger(DEBUG_ALWAYS, LOG_ERR, "Error processing SPTPS data from %s (%s)", from->name, from->hostname);
 
                if(from->status.validkey) {
@@ -385,7 +386,7 @@ bool ans_key_h(connection_t *c, const char *request) {
                                update_node_udp(from, &sa);
                        }
 
-                       if(from->options & OPTION_PMTU_DISCOVERY)
+                       if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
                                send_mtu_probe(from);
                }
 
@@ -394,14 +395,22 @@ bool ans_key_h(connection_t *c, const char *request) {
 
        /* Check and lookup cipher and digest algorithms */
 
-       if(!(from->outcipher = cipher_open_by_nid(cipher))) {
-               logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname);
-               return false;
+       if(cipher) {
+               if(!(from->outcipher = cipher_open_by_nid(cipher))) {
+                       logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname);
+                       return false;
+               }
+       } else {
+               from->outcipher = NULL;
        }
 
-       if(!(from->outdigest = digest_open_by_nid(digest, maclength))) {
-               logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname);
-               return false;
+       if(digest) {
+               if(!(from->outdigest = digest_open_by_nid(digest, maclength))) {
+                       logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname);
+                       return false;
+               }
+       } else {
+               from->outdigest = NULL;
        }
 
        if(maclength != digest_length(from->outdigest)) {
@@ -434,7 +443,7 @@ bool ans_key_h(connection_t *c, const char *request) {
                update_node_udp(from, &sa);
        }
 
-       if(from->options & OPTION_PMTU_DISCOVERY)
+       if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
                send_mtu_probe(from);
 
        return true;
tinc, the VPN daemon