X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_key.c;h=e41ec42223f149782bc98c90ca5f832311632175;hp=7f6e1653e4e7c71436fda21567d6ab33f2ca1663;hb=51bddfd4dd95161afae2cac4aa5d31970fef5714;hpb=9b9230a0a79c670b86f54fadd2807b864ff9d91f diff --git a/src/protocol_key.c b/src/protocol_key.c index 7f6e1653..e41ec422 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -158,11 +158,12 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in logger(DEBUG_ALWAYS, LOG_DEBUG, "Got REQ_KEY from %s while we already started a SPTPS session!", from->name); char buf[MAX_STRING_SIZE]; - if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) { + int len; + + if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1 || !(len = b64decode(buf, buf, strlen(buf)))) { logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_SPTPS_START", from->name, from->hostname, "invalid SPTPS data"); return true; } - int len = b64decode(buf, buf, strlen(buf)); char label[25 + strlen(from->name) + strlen(myself->name)]; snprintf(label, sizeof label, "tinc UDP key expansion %s %s", from->name, myself->name); @@ -182,11 +183,11 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in } char buf[MAX_STRING_SIZE]; - if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) { + int len; + if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1 || !(len = b64decode(buf, buf, strlen(buf)))) { logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_SPTPS", from->name, from->hostname, "invalid SPTPS data"); return true; } - int len = b64decode(buf, buf, strlen(buf)); sptps_receive_data(&from->sptps, buf, len); return true; } @@ -273,8 +274,10 @@ bool send_ans_key(node_t *to) { abort(); randomize(key, keylen); - cipher_set_key(to->incipher, key, false); - digest_set_key(to->indigest, key, keylen); + if(!cipher_set_key(to->incipher, key, false)) + abort(); + if(!digest_set_key(to->indigest, key, keylen)) + abort(); bin2hex(key, key, keylen); @@ -373,7 +376,7 @@ bool ans_key_h(connection_t *c, const char *request) { char buf[strlen(key)]; int len = b64decode(key, buf, strlen(key)); - if(!sptps_receive_data(&from->sptps, buf, len)) + if(!len || !sptps_receive_data(&from->sptps, buf, len)) logger(DEBUG_ALWAYS, LOG_ERR, "Error processing SPTPS data from %s (%s)", from->name, from->hostname); if(from->status.validkey) { @@ -383,7 +386,7 @@ bool ans_key_h(connection_t *c, const char *request) { update_node_udp(from, &sa); } - if(from->options & OPTION_PMTU_DISCOVERY) + if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY)) send_mtu_probe(from); } @@ -392,14 +395,22 @@ bool ans_key_h(connection_t *c, const char *request) { /* Check and lookup cipher and digest algorithms */ - if(!(from->outcipher = cipher_open_by_nid(cipher))) { - logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname); - return false; + if(cipher) { + if(!(from->outcipher = cipher_open_by_nid(cipher))) { + logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname); + return false; + } + } else { + from->outcipher = NULL; } - if(!(from->outdigest = digest_open_by_nid(digest, maclength))) { - logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname); - return false; + if(digest) { + if(!(from->outdigest = digest_open_by_nid(digest, maclength))) { + logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname); + return false; + } + } else { + from->outdigest = NULL; } if(maclength != digest_length(from->outdigest)) { @@ -418,8 +429,10 @@ bool ans_key_h(connection_t *c, const char *request) { /* Update our copy of the origin's packet key */ - cipher_set_key(from->outcipher, key, true); - digest_set_key(from->outdigest, key, keylen); + if(!cipher_set_key(from->outcipher, key, true)) + return false; + if(!digest_set_key(from->outdigest, key, keylen)) + return false; from->status.validkey = true; from->sent_seqno = 0; @@ -430,7 +443,7 @@ bool ans_key_h(connection_t *c, const char *request) { update_node_udp(from, &sa); } - if(from->options & OPTION_PMTU_DISCOVERY) + if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY)) send_mtu_probe(from); return true;