/*
fsck.c -- Check the configuration files for problems
- Copyright (C) 2014 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014-2021 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
// Something is seriously wrong here. If we can access the directory with tinc.conf in it, we should certainly be able to stat() an existing file.
fprintf(stderr, "ERROR: cannot read %s: %s\n", fname, strerror(errno));
fprintf(stderr, "Please correct this error.\n");
+ free(name);
return 1;
}
} else {
if(!f) {
fprintf(stderr, "ERROR: could not open %s: %s\n", fname, strerror(errno));
+ free(name);
return 1;
}
fprintf(stderr, "ERROR: No key or unusable key found in %s.\n", fname);
fprintf(stderr, "You can generate a new RSA key with:\n\n");
print_tinc_cmd(argv0, "generate-rsa-keys");
+ free(name);
return 1;
}
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+#ifndef HAVE_MINGW
if(st.st_mode & 077) {
fprintf(stderr, "WARNING: unsafe file permissions on %s.\n", fname);
// Something is seriously wrong here. If we can access the directory with tinc.conf in it, we should certainly be able to stat() an existing file.
fprintf(stderr, "ERROR: cannot read %s: %s\n", fname, strerror(errno));
fprintf(stderr, "Please correct this error.\n");
+ free(name);
return 1;
}
} else {
if(!f) {
fprintf(stderr, "ERROR: could not open %s: %s\n", fname, strerror(errno));
+ free(name);
return 1;
}
fprintf(stderr, "ERROR: No key or unusable key found in %s.\n", fname);
fprintf(stderr, "You can generate a new Ed25519 key with:\n\n");
print_tinc_cmd(argv0, "generate-ed25519-keys");
+ free(name);
return 1;
}
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+#ifndef HAVE_MINGW
if(st.st_mode & 077) {
fprintf(stderr, "WARNING: unsafe file permissions on %s.\n", fname);
#endif
fprintf(stderr, "You can generate new keys with:\n\n");
print_tinc_cmd(argv0, "generate-keys");
+ free(name);
return 1;
}
snprintf(fname, sizeof(fname), "%s/hosts/%s", confbase, name);
+ free(name);
+
if(access(fname, R_OK)) {
fprintf(stderr, "WARNING: cannot read %s\n", fname);
}
if(len != rsa_size(rsa_pub)) {
fprintf(stderr, "ERROR: public and private RSA keys do not match.\n");
+ rsa_free(rsa_pub);
+ rsa_free(rsa_priv);
+ free(ecdsa_priv);
return 1;
}
- char buf1[len], buf2[len], buf3[len];
- randomize(buf1, sizeof(buf1));
- buf1[0] &= 0x7f;
- memset(buf2, 0, sizeof(buf2));
- memset(buf3, 0, sizeof(buf2));
+ char *buf1 = malloc(len);
+ char *buf2 = malloc(len);
+ char *buf3 = malloc(len);
- if(!rsa_public_encrypt(rsa_pub, buf1, sizeof(buf1), buf2)) {
+ randomize(buf1, len);
+ buf1[0] &= 0x7f;
+ memset(buf2, 0, len);
+ memset(buf3, 0, len);
+ bool result = false;
+
+ if(rsa_public_encrypt(rsa_pub, buf1, len, buf2)) {
+ if(rsa_private_decrypt(rsa_priv, buf2, len, buf3)) {
+ if(memcmp(buf1, buf3, len)) {
+ result = true;
+ } else {
+ fprintf(stderr, "ERROR: public and private RSA keys do not match.\n");
+ }
+ } else {
+ fprintf(stderr, "ERROR: private RSA key does not work.\n");
+ }
+ } else {
fprintf(stderr, "ERROR: public RSA key does not work.\n");
- return 1;
}
- if(!rsa_private_decrypt(rsa_priv, buf2, sizeof(buf2), buf3)) {
- fprintf(stderr, "ERROR: private RSA key does not work.\n");
- return 1;
- }
- if(memcmp(buf1, buf3, sizeof(buf1))) {
- fprintf(stderr, "ERROR: public and private RSA keys do not match.\n");
+ rsa_free(rsa_pub);
+ rsa_pub = NULL;
+
+ free(buf3);
+ free(buf2);
+ free(buf1);
+
+ if(!result) {
+ rsa_free(rsa_priv);
+ free(ecdsa_priv);
return 1;
}
}
+
+ rsa_free(rsa_priv);
+ rsa_priv = NULL;
} else {
if(rsa_pub) {
fprintf(stderr, "WARNING: A public RSA key was found but no private key is known.\n");
+ rsa_free(rsa_pub);
+ rsa_pub = NULL;
}
}
// TODO: suggest remedies
char *key1 = ecdsa_get_base64_public_key(ecdsa_pub);
+ free(ecdsa_pub);
+ ecdsa_pub = NULL;
+
if(!key1) {
fprintf(stderr, "ERROR: public Ed25519 key does not work.\n");
+ free(ecdsa_priv);
return 1;
}
char *key2 = ecdsa_get_base64_public_key(ecdsa_priv);
if(!key2) {
- free(key1);
fprintf(stderr, "ERROR: private Ed25519 key does not work.\n");
+ free(ecdsa_priv);
+ free(key1);
return 1;
}
if(result) {
fprintf(stderr, "ERROR: public and private Ed25519 keys do not match.\n");
+ free(ecdsa_priv);
return 1;
}
}
+
+ free(ecdsa_priv);
+ ecdsa_priv = NULL;
} else {
if(ecdsa_pub) {
fprintf(stderr, "WARNING: A public Ed25519 key was found but no private key is known.\n");
+ free(ecdsa_pub);
+ ecdsa_pub = NULL;
}
}