X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fencr.c;h=c34c1c93b6a2eaffdcb2b16811753419863a6a0e;hp=899a46b0718bb8dad51bc94a04123aa0e000204c;hb=c9246896901ff1ebad91ac399a4ea79fad941f75;hpb=1243156a5e03a666b36bc4400f1402243a85c9a7

diff --git a/src/encr.c b/src/encr.c
index 899a46b0..c34c1c93 100644
--- a/src/encr.c
+++ b/src/encr.c
@@ -107,7 +107,12 @@ int read_passphrase(char *which, char **out)
     }
 
   fscanf(f, "%d ", &size);
-  size >>= 2; /* nibbles->bits */
+  if(size < 1 || size > (1<<15))
+    {
+      syslog(LOG_ERR, "Illegal passphrase in %s; size would be %d", filename, size);
+      return -1;
+    }
+  size >>= 2; /* bits->nibbles */
   pp = xmalloc(size+2);
   fgets(pp, size+1, f);
   fclose(f);
@@ -300,15 +305,11 @@ void recalculate_encryption_keys(void)
   for(p = conn_list; p != NULL; p = p->next)
     {
       if(!p->public_key || !p->public_key->key)
+	/* We haven't received a key from this host (yet). */
 	continue;
       ek = make_shared_key(p->public_key->key);
-      if(!p->key)
-	{
-	  p->key = xmalloc(sizeof(enc_key_t));
-	  p->key->key = NULL;
-	}
-      if(p->key->key)
-	free(p->key->key);
+      free_key(p->key);
+      p->key = xmalloc(sizeof(enc_key_t));
       p->key->length = strlen(ek);
       p->key->expiry = p->public_key->expiry;
       p->key->key = xmalloc(strlen(ek) + 1);