X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=e1d9f2759e8758e583aee0a30e852515e47e8f00;hp=2eff09f3f6d7a1370269c462e55ee63c908844df;hb=ef24d3997fe83e85dd1b4e9a164a3d96340cca7e;hpb=b58d95eb29662bce4388f95dbc5762b9e2999806

diff --git a/src/net_setup.c b/src/net_setup.c
index 2eff09f3..e1d9f275 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -1,7 +1,7 @@
 /*
     net_setup.c -- Setup.
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                   2010      Brandon Black <blblack@gmail.com>
 
@@ -55,7 +55,8 @@ proxytype_t proxytype;
 
 bool read_rsa_public_key(connection_t *c) {
 	FILE *fp;
-	char *fname;
+	char *pubname;
+	char *hcfname;
 	char *key;
 
 	if(!c->rsa_key) {
@@ -66,7 +67,10 @@ bool read_rsa_public_key(connection_t *c) {
 	/* First, check for simple PublicKey statement */
 
 	if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) {
-		BN_hex2bn(&c->rsa_key->n, key);
+		if(BN_hex2bn(&c->rsa_key->n, key) != strlen(key)) {
+			logger(LOG_ERR, "Invalid PublicKey for %s!", c->name);
+			return false;
+		}
 		BN_hex2bn(&c->rsa_key->e, "FFFF");
 		free(key);
 		return true;
@@ -74,80 +78,79 @@ bool read_rsa_public_key(connection_t *c) {
 
 	/* Else, check for PublicKeyFile statement and read it */
 
-	if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) {
-		fp = fopen(fname, "r");
+	if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &pubname)) {
+		fp = fopen(pubname, "r");
 
 		if(!fp) {
-			logger(LOG_ERR, "Error reading RSA public key file `%s': %s",
-				   fname, strerror(errno));
-			free(fname);
+			logger(LOG_ERR, "Error reading RSA public key file `%s': %s", pubname, strerror(errno));
+			free(pubname);
 			return false;
 		}
 
-		free(fname);
 		c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
 		fclose(fp);
 
-		if(c->rsa_key)
+		if(c->rsa_key) {
+			free(pubname);
 			return true;		/* Woohoo. */
+		}
 
 		/* If it fails, try PEM_read_RSA_PUBKEY. */
-		fp = fopen(fname, "r");
+		fp = fopen(pubname, "r");
 
 		if(!fp) {
-			logger(LOG_ERR, "Error reading RSA public key file `%s': %s",
-				   fname, strerror(errno));
-			free(fname);
+			logger(LOG_ERR, "Error reading RSA public key file `%s': %s", pubname, strerror(errno));
+			free(pubname);
 			return false;
 		}
 
-		free(fname);
 		c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
 		fclose(fp);
 
 		if(c->rsa_key) {
 //				RSA_blinding_on(c->rsa_key, NULL);
+			free(pubname);
 			return true;
 		}
 
-		logger(LOG_ERR, "Reading RSA public key file `%s' failed: %s",
-			   fname, strerror(errno));
+		logger(LOG_ERR, "Reading RSA public key file `%s' failed: %s", pubname, strerror(errno));
+		free(pubname);
 		return false;
 	}
 
 	/* Else, check if a harnessed public key is in the config file */
 
-	xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
-	fp = fopen(fname, "r");
+	xasprintf(&hcfname, "%s/hosts/%s", confbase, c->name);
+	fp = fopen(hcfname, "r");
 
 	if(!fp) {
-		logger(LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
-		free(fname);
+		logger(LOG_ERR, "Error reading RSA public key file `%s': %s", hcfname, strerror(errno));
+		free(hcfname);
 		return false;
 	}
 
 	c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
 	fclose(fp);
-	free(fname);
 
-	if(c->rsa_key)
+	if(c->rsa_key) {
+		free(hcfname);
 		return true;
+	}
 
 	/* Try again with PEM_read_RSA_PUBKEY. */
 
-	xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
-	fp = fopen(fname, "r");
+	fp = fopen(hcfname, "r");
 
 	if(!fp) {
-		logger(LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
-		free(fname);
+		logger(LOG_ERR, "Error reading RSA public key file `%s': %s", hcfname, strerror(errno));
+		free(hcfname);
 		return false;
 	}
 
+	free(hcfname);
 	c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
 //	RSA_blinding_on(c->rsa_key, NULL);
 	fclose(fp);
-	free(fname);
 
 	if(c->rsa_key)
 		return true;
@@ -160,7 +163,6 @@ bool read_rsa_public_key(connection_t *c) {
 static bool read_rsa_private_key(void) {
 	FILE *fp;
 	char *fname, *key, *pubkey;
-	struct stat s;
 
 	if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
 		if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
@@ -169,8 +171,14 @@ static bool read_rsa_private_key(void) {
 		}
 		myself->connection->rsa_key = RSA_new();
 //		RSA_blinding_on(myself->connection->rsa_key, NULL);
-		BN_hex2bn(&myself->connection->rsa_key->d, key);
-		BN_hex2bn(&myself->connection->rsa_key->n, pubkey);
+		if(BN_hex2bn(&myself->connection->rsa_key->d, key) != strlen(key)) {
+			logger(LOG_ERR, "Invalid PrivateKey for myself!");
+			return false;
+		}
+		if(BN_hex2bn(&myself->connection->rsa_key->n, pubkey) != strlen(pubkey)) {
+			logger(LOG_ERR, "Invalid PublicKey for myself!");
+			return false;
+		}
 		BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
 		free(key);
 		free(pubkey);
@@ -190,6 +198,8 @@ static bool read_rsa_private_key(void) {
 	}
 
 #if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+	struct stat s;
+
 	if(fstat(fileno(fp), &s)) {
 		logger(LOG_ERR, "Could not stat RSA private key file `%s': %s'",
 				fname, strerror(errno));
@@ -285,17 +295,18 @@ char *get_name(void) {
 
 	if(*name == '$') {
 		char *envname = getenv(name + 1);
+		char hostname[32] = "";
 		if(!envname) {
 			if(strcmp(name + 1, "HOST")) {
 				fprintf(stderr, "Invalid Name: environment variable %s does not exist\n", name + 1);
 				return false;
 			}
-			envname = alloca(32);
-			if(gethostname(envname, 32)) {
+			if(gethostname(hostname, sizeof hostname) || !*hostname) {
 				fprintf(stderr, "Could not get hostname: %s\n", strerror(errno));
 				return false;
 			}
-			envname[31] = 0;
+			hostname[31] = 0;
+			envname = hostname;
 		}
 		free(name);
 		name = xstrdup(envname);
@@ -324,7 +335,7 @@ static bool setup_myself(void) {
 	char *address = NULL;
 	char *proxy = NULL;
 	char *space;
-	char *envp[5];
+	char *envp[5] = {NULL};
 	struct addrinfo *ai, *aip, hint = {0};
 	bool choice;
 	int i, err;
@@ -422,7 +433,7 @@ static bool setup_myself(void) {
 				if(proxyuser && *proxyuser)
 					proxyuser = xstrdup(proxyuser);
 				if(proxypass && *proxypass)
-					proxyuser = xstrdup(proxypass);
+					proxypass = xstrdup(proxypass);
 				break;
 		}
 
@@ -682,11 +693,10 @@ static bool setup_myself(void) {
 	xasprintf(&envp[1], "DEVICE=%s", device ? : "");
 	xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
 	xasprintf(&envp[3], "NAME=%s", myself->name);
-	envp[4] = NULL;
 
 	execute_script("tinc-up", envp);
 
-	for(i = 0; i < 5; i++)
+	for(i = 0; i < 4; i++)
 		free(envp[i]);
 
 	/* Run subnet-up scripts for our own subnets */
@@ -852,7 +862,7 @@ bool setup_network(void) {
 void close_network_connections(void) {
 	avl_node_t *node, *next;
 	connection_t *c;
-	char *envp[5];
+	char *envp[5] = {NULL};
 	int i;
 
 	for(node = connection_tree->head; node; node = next) {
@@ -886,7 +896,6 @@ void close_network_connections(void) {
 	xasprintf(&envp[1], "DEVICE=%s", device ? : "");
 	xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
 	xasprintf(&envp[3], "NAME=%s", myself->name);
-	envp[4] = NULL;
 
 	exit_requests();
 	exit_edges();