X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=3bd34a01b5743bcf3ee5d354bf4cfdde7bc5c90a;hp=81189332495ccd7b1a0618ada156a5358d31ca74;hb=1d7b86cd9d1421f67d3717a52a52635155a29829;hpb=fb5588856fa4dd6f140c72f7360302fe85b20c75

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 81189332..3bd34a01 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -117,6 +117,8 @@ static bool send_proxyrequest(connection_t *c) {
 		case PROXY_SOCKS4A:
 			logger(LOG_ERR, "Proxy type not implemented yet");
 			return false;
+		case PROXY_EXEC:
+			return true;
 		default:
 			logger(LOG_ERR, "Unknown proxy type");
 			return false;
@@ -242,8 +244,8 @@ bool send_metakey(connection_t *c) {
 	 */
 
 	if(RSA_public_encrypt(len, (unsigned char *)c->outkey, (unsigned char *)buffer, c->rsa_key, RSA_NO_PADDING) != len) {
-		logger(LOG_ERR, "Error during encryption of meta key for %s (%s)",
-			   c->name, c->hostname);
+		logger(LOG_ERR, "Error during encryption of meta key for %s (%s): %s",
+			   c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
 		return false;
 	}
 
@@ -306,13 +308,16 @@ bool metakey_h(connection_t *c) {
 
 	/* Convert the challenge from hexadecimal back to binary */
 
-	hex2bin(buffer, buffer, len);
+	if(!hex2bin(buffer, buffer, len)) {
+		logger(LOG_ERR, "Got bad %s from %s(%s): %s", "METAKEY", c->name, c->hostname, "invalid key");
+		return false;
+	}
 
 	/* Decrypt the meta key */
 
 	if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) {	/* See challenge() */
-		logger(LOG_ERR, "Error during decryption of meta key for %s (%s)",
-			   c->name, c->hostname);
+		logger(LOG_ERR, "Error during decryption of meta key for %s (%s): %s",
+			   c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
 		return false;
 	}
 
@@ -424,7 +429,10 @@ bool challenge_h(connection_t *c) {
 
 	/* Convert the challenge from hexadecimal back to binary */
 
-	hex2bin(buffer, c->mychallenge, len);
+	if(!hex2bin(buffer, c->mychallenge, len)) {
+		logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHALLENGE", c->name, c->hostname, "invalid challenge");
+		return false;
+	}
 
 	c->allow_request = CHAL_REPLY;
 
@@ -478,7 +486,10 @@ bool chal_reply_h(connection_t *c) {
 
 	/* Convert the hash to binary format */
 
-	hex2bin(hishash, hishash, c->outdigest->md_size);
+	if(!hex2bin(hishash, hishash, c->outdigest->md_size)) {
+		logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHAL_REPLY", c->name, c->hostname, "invalid hash");
+		return false;
+	}
 
 	/* Calculate the hash from the challenge we sent */