Wipe (some) secrets from memory after use
[tinc] / src / net_setup.c
index a829e82..40cdaf6 100644 (file)
@@ -267,7 +267,7 @@ bool setup_myself_reloadable(void) {
                        proxytype = PROXY_EXEC;
                } else {
                        logger(DEBUG_ALWAYS, LOG_ERR, "Unknown proxy type %s!", proxy);
-                       free(proxy);
+                       free_string(proxy);
                        return false;
                }
 
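Review bot: `free_string(proxy)` may wipe only the first word of the Proxy setting. The `space` pointer tested in the PROXY_EXEC branch suggests the value is split in place by writing NUL bytes over the separators. If free_string() finds the length with strlen() (its definition is not in this diff), the wipe stops at the first NUL, and any user name and password later in the string stay in the freed buffer. The same applies to the other four `free_string(proxy)` calls in setup_myself_reloadable. Recording the length before the split, e.g. `size_t proxylen = strlen(proxy);`, and wiping that many bytes at each exit would cover it; the parsing code is outside these hunks, so check this against the full function.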
@@ -277,10 +277,10 @@ bool setup_myself_reloadable(void) {
                free(proxyport);
                proxyport = NULL;
 
-               free(proxyuser);
+               free_string(proxyuser);
                proxyuser = NULL;
 
-               free(proxypass);
+               free_string(proxypass);
                proxypass = NULL;
 
                switch(proxytype) {
@@ -291,7 +291,7 @@ bool setup_myself_reloadable(void) {
                case PROXY_EXEC:
                        if(!space || !*space) {
                                logger(DEBUG_ALWAYS, LOG_ERR, "Argument expected for proxy type exec!");
-                               free(proxy);
+                               free_string(proxy);
                                return false;
                        }
 
@@ -312,7 +312,7 @@ bool setup_myself_reloadable(void) {
                                logger(DEBUG_ALWAYS, LOG_ERR, "Host and port argument expected for proxy!");
                                proxyport = NULL;
                                proxyhost = NULL;
-                               free(proxy);
+                               free_string(proxy);
                                return false;
                        }
 
@@ -338,7 +338,7 @@ bool setup_myself_reloadable(void) {
                        break;
                }
 
-               free(proxy);
+               free_string(proxy);
        }
 
        bool choice;
@@ -788,9 +788,11 @@ static bool setup_myself(void) {
                }
        }
 
-       myself->connection->rsa = read_rsa_private_key(&config_tree, NULL);
+       rsa_t *rsa = read_rsa_private_key(&config_tree, NULL);
 
-       if(!myself->connection->rsa) {
+       if(rsa) {
+               myself->connection->legacy = new_legacy_ctx(rsa);
+       } else {
                if(experimental) {
                        logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled.");
                } else {
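Review bot: Nothing at the `new_legacy_ctx(rsa)` call says who owns the private key afterwards, which matters in a commit about wiping secrets. A comment such as `/* legacy ctx takes ownership of rsa; it is wiped and freed with the ctx */` would make the contract visible, assuming that is what new_legacy_ctx() does, since its definition is not in this diff. The body of setup_myself continues outside the hunk.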
@@ -946,7 +948,11 @@ static bool setup_myself(void) {
 #endif
 
        /* Compression */
-       if(get_config_int(lookup_config(&config_tree, "Compression"), &myself->incompression)) {
+       int incompression = 0;
+
+       if(get_config_int(lookup_config(&config_tree, "Compression"), &incompression)) {
+               myself->incompression = incompression;
+
                switch(myself->incompression) {
                case COMPRESS_LZ4:
 #ifdef HAVE_LZ4
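Review bot: The configured value is stored in `myself->incompression` before it is range-checked, and the switch tests the stored field instead of the `int` that was parsed. The new temporary suggests the field is no longer a plain int (its declaration is not in this diff). If it is narrower, an out-of-range Compression setting could be truncated to a valid level and pass the switch. Validating the parsed value first avoids that: use `switch(incompression) {` and assign `myself->incompression = incompression;` only once the value is accepted. The rest of the switch, including its default case, lies outside the hunk.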
@@ -996,8 +1002,6 @@ static bool setup_myself(void) {
                myself->incompression = COMPRESS_NONE;
        }
 
-       myself->connection->outcompression = COMPRESS_NONE;
-
        /* Done */
 
        myself->nexthop = myself;