X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=3bd34a01b5743bcf3ee5d354bf4cfdde7bc5c90a;hp=d5b702d90bb4b49dfb4c4fb4a749921f5bf8029d;hb=0eceee6a66b28535a9c44d282e07a5825c7a1f04;hpb=5a161e86cf35351f5274d7a8e17fef4630b40686

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index d5b702d9..3bd34a01 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -244,7 +244,7 @@ bool send_metakey(connection_t *c) {
 	 */
 
 	if(RSA_public_encrypt(len, (unsigned char *)c->outkey, (unsigned char *)buffer, c->rsa_key, RSA_NO_PADDING) != len) {
-		logger(LOG_ERR, "Error during encryption of meta key for %s (%s) %s",
+		logger(LOG_ERR, "Error during encryption of meta key for %s (%s): %s",
 			   c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
 		return false;
 	}
@@ -308,12 +308,15 @@ bool metakey_h(connection_t *c) {
 
 	/* Convert the challenge from hexadecimal back to binary */
 
-	hex2bin(buffer, buffer, len);
+	if(!hex2bin(buffer, buffer, len)) {
+		logger(LOG_ERR, "Got bad %s from %s(%s): %s", "METAKEY", c->name, c->hostname, "invalid key");
+		return false;
+	}
 
 	/* Decrypt the meta key */
 
 	if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) {	/* See challenge() */
-		logger(LOG_ERR, "Error during decryption of meta key for %s (%s) %s",
+		logger(LOG_ERR, "Error during decryption of meta key for %s (%s): %s",
 			   c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
 		return false;
 	}
@@ -426,7 +429,10 @@ bool challenge_h(connection_t *c) {
 
 	/* Convert the challenge from hexadecimal back to binary */
 
-	hex2bin(buffer, c->mychallenge, len);
+	if(!hex2bin(buffer, c->mychallenge, len)) {
+		logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHALLENGE", c->name, c->hostname, "invalid challenge");
+		return false;
+	}
 
 	c->allow_request = CHAL_REPLY;
 
@@ -480,7 +486,10 @@ bool chal_reply_h(connection_t *c) {
 
 	/* Convert the hash to binary format */
 
-	hex2bin(hishash, hishash, c->outdigest->md_size);
+	if(!hex2bin(hishash, hishash, c->outdigest->md_size)) {
+		logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHAL_REPLY", c->name, c->hostname, "invalid hash");
+		return false;
+	}
 
 	/* Calculate the hash from the challenge we sent */