projects / tinc / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Modified some error messages in src/sptps.c.
[tinc] / src / sptps.c
diff --git a/src/sptps.c b/src/sptps.c
index 1699b97..6869575 100644 (file)
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -98,7 +98,9 @@ static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const char *data
 
        if(s->outstate) {
                // If first handshake has finished, encrypt and HMAC
-               cipher_set_counter(s->outcipher, &seqno, sizeof seqno);
+               if(!cipher_set_counter(s->outcipher, &seqno, sizeof seqno))
+                       return false;
+
                if(!cipher_counter_xor(s->outcipher, buffer + 6, len + 1UL, buffer + 6))
                        return false;
 
@@ -317,6 +319,7 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) {
        char shared[ECDH_SHARED_SIZE];
        if(!ecdh_compute_shared(s->ecdh, s->hiskex + 1 + 32, shared))
                return false;
+       s->ecdh = NULL;
 
        // Generate key material from shared secret.
        if(!generate_key_material(s, shared, sizeof shared))
@@ -397,7 +400,7 @@ static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) {
                        return true;
                // TODO: split ACK into a VERify and ACK?
                default:
-                       return error(s, EIO, "Invalid session state");
+                       return error(s, EIO, "Invalid session state %d", s->state);
        }
 }
 
@@ -490,7 +493,8 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
 
        // Decrypt.
        memcpy(&seqno, buffer + 2, 4);
-       cipher_set_counter(s->incipher, &seqno, sizeof seqno);
+       if(!cipher_set_counter(s->incipher, &seqno, sizeof seqno))
+               return false;
        if(!cipher_counter_xor(s->incipher, buffer + 6, len - 4, buffer + 6))
                return false;
 
@@ -508,7 +512,7 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
                if(!receive_handshake(s, buffer + 7, len - 21))
                        return false;
        } else {
-               return error(s, EIO, "Invalid record type");
+               return error(s, EIO, "Invalid record type %d", type);
        }
 
        return true;
@@ -516,6 +520,9 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
 
 // Receive incoming data. Check if it contains a complete record, if so, handle it.
 bool sptps_receive_data(sptps_t *s, const char *data, size_t len) {
+       if(!s->state)
+               return error(s, EIO, "Invalid session state zero");
+
        if(s->datagram)
                return sptps_receive_data_datagram(s, data, len);
 
@@ -598,7 +605,7 @@ bool sptps_receive_data(sptps_t *s, const char *data, size_t len) {
                        if(!receive_handshake(s, s->inbuf + 7, s->reclen))
                                return false;
                } else {
-                       return error(s, EIO, "Invalid record type");
+                       return error(s, EIO, "Invalid record type %d", type);
                }
 
                s->buflen = 4;
tinc, the VPN daemon