projects
/
tinc
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Prevent oracle attacks in the legacy protocol (CVE-2018-16737, CVE-2018-16738)
[tinc]
/
src
/
sptps.c
diff --git
a/src/sptps.c
b/src/sptps.c
index
93a7ad3
..
82e913e
100644
(file)
--- a/
src/sptps.c
+++ b/
src/sptps.c
@@
-287,7
+287,11
@@
static bool receive_kex(sptps_t *s, const char *data, uint16_t len) {
memcpy(s->hiskex, data, len);
memcpy(s->hiskex, data, len);
- return send_sig(s);
+ if(s->initiator) {
+ return send_sig(s);
+ } else {
+ return true;
+ }
}
// Receive a SIGnature record, verify it, if it passed, compute the shared secret and calculate the session keys.
}
// Receive a SIGnature record, verify it, if it passed, compute the shared secret and calculate the session keys.
@@
-327,6
+331,10
@@
static bool receive_sig(sptps_t *s, const char *data, uint16_t len) {
return false;
}
return false;
}
+ if(!s->initiator && !send_sig(s)) {
+ return false;
+ }
+
free(s->mykex);
free(s->hiskex);
free(s->mykex);
free(s->hiskex);