Prevent oracle attacks in the legacy protocol (CVE-2018-16737, CVE-2018-16738)

[tinc] / src / sptps.c

diff --git a/src/sptps.c b/src/sptps.c
index 93a7ad3..82e913e 100644 (file)
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -287,7 +287,11 @@ static bool receive_kex(sptps_t *s, const char *data, uint16_t len) {
 
        memcpy(s->hiskex, data, len);
 
-       return send_sig(s);
+       if(s->initiator) {
+               return send_sig(s);
+       } else {
+               return true;
+       }
 }
 
 // Receive a SIGnature record, verify it, if it passed, compute the shared secret and calculate the session keys.
@@ -327,6 +331,10 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) {
                return false;
        }
 
+       if(!s->initiator && !send_sig(s)) {
+               return false;
+       }
+
        free(s->mykex);
        free(s->hiskex);