X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_key.c;h=f2f317de5e9888a6d603a95e148bbde371ec139b;hp=22692bb614e97632d2224bedbd77b1fb28647976;hb=b403f77dd84b7cae86bdaaf4961af515cf7a3fb9;hpb=4b6a9f1c1f645ce5989692655337d9e23ca28648;ds=sidebyside

diff --git a/src/protocol_key.c b/src/protocol_key.c
index 22692bb6..f2f317de 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -1,7 +1,7 @@
 /*
     protocol_key.c -- handle the meta-protocol, key exchange
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2010 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -34,13 +34,13 @@
 #include "utils.h"
 #include "xalloc.h"
 
-bool mykeyused = false;
+static bool mykeyused = false;
 
-void send_key_changed() {
+void send_key_changed(void) {
 	avl_node_t *node;
 	connection_t *c;
 
-	send_request(broadcast, "%d %x %s", KEY_CHANGED, rand(), myself->name);
+	send_request(everyone, "%d %x %s", KEY_CHANGED, rand(), myself->name);
 
 	/* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
 
@@ -145,8 +145,6 @@ bool req_key_h(connection_t *c) {
 }
 
 bool send_ans_key(node_t *to) {
-	char *key;
-
 	// Set key parameters
 	to->incipher = myself->incipher;
 	to->inkeylength = myself->inkeylength;
@@ -165,10 +163,10 @@ bool send_ans_key(node_t *to) {
 	// Reset sequence number and late packet window
 	mykeyused = true;
 	to->received_seqno = 0;
-	memset(to->late, 0, sizeof(to->late));
+	if(replaywin) memset(to->late, 0, replaywin);
 
 	// Convert to hexadecimal and send
-	key = alloca(2 * to->inkeylength + 1);
+	char key[2 * to->inkeylength + 1];
 	bin2hex(to->inkey, key, to->inkeylength);
 	key[to->inkeylength * 2] = '\0';
 
@@ -242,12 +240,16 @@ bool ans_key_h(connection_t *c) {
 		return send_request(to->nexthop->connection, "%s", c->buffer);
 	}
 
+	/* Don't use key material until every check has passed. */
+	from->status.validkey = false;
+
 	/* Update our copy of the origin's packet key */
 	from->outkey = xrealloc(from->outkey, strlen(key) / 2);
-
-	from->outkey = xstrdup(key);
 	from->outkeylength = strlen(key) / 2;
-	hex2bin(key, from->outkey, from->outkeylength);
+	if(!hex2bin(key, from->outkey, from->outkeylength)) {
+		logger(LOG_ERR, "Got bad %s from %s(%s): %s", "ANS_KEY", from->name, from->hostname, "invalid key");
+		return true;
+	}
 
 	/* Check and lookup cipher and digest algorithms */
 
@@ -312,7 +314,7 @@ bool ans_key_h(connection_t *c) {
 		update_node_udp(from, &sa);
 	}
 
-	if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
+	if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuevent)
 		send_mtu_probe(from);
 
 	return true;