From: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon, 20 Mar 2017 18:19:01 +0000 (+0100)
Subject: Don't dereference myself->incipher if it's NULL.
X-Git-Tag: release-1.0.32~12
X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=5c344f297682cf11793407fca4547968aee22d95;hp=1da051a7a2be587f4eb72db419df628f9e68e738

Don't dereference myself->incipher if it's NULL.

This fixes #142 on GitHub.
---

diff --git a/NEWS b/NEWS
index 34c6f1f5..028cc9cd 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Version 1.0.32               not released yet
+
+ * Fix segmentation fault when using Cipher = none.
+
 Version 1.0.31               January 15 2017
 
  * Remove ExecStop in tinc@.service.
diff --git a/src/net_setup.c b/src/net_setup.c
index d7668885..2371f7ee 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -1,7 +1,7 @@
 /*
     net_setup.c -- Setup.
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2016 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                   2010      Brandon Black <blblack@gmail.com>
 
@@ -660,9 +660,12 @@ static bool setup_myself(void) {
 	/* We need to use a stream mode for the meta protocol. Use AES for this,
 	   but try to match the key size with the one from the cipher selected
 	   by Cipher.
+
+	   If Cipher is set to none, still use a low level of encryption for the
+	   meta protocol.
 	*/
 
-	int keylen = EVP_CIPHER_key_length(myself->incipher);
+	int keylen = myself->incipher ? EVP_CIPHER_key_length(myself->incipher) : 0;
 	if(keylen <= 16)
 		myself->connection->outcipher = EVP_aes_128_cfb();
 	else if(keylen <= 24)