X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=09acd6a9308d4ccef5ab6c7f94758da3e901318a;hb=a5c6c6ea1ab657d83a4d8b064ac9bfa9c16adf63;hp=1efeaa837eec3020765867be6d4e7f02cd7ca345;hpb=cfc9fee931c70554353ce6c4acc3407baac08745;p=tinc

diff --git a/src/protocol_key.c b/src/protocol_key.c
index 1efeaa83..09acd6a9 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -32,6 +32,8 @@
 #include "sptps.h"
 #include "utils.h"
 #include "compression.h"
+#include "random.h"
+#include "xalloc.h"
 
 void send_key_changed(void) {
 #ifndef DISABLE_LEGACY
@@ -339,7 +341,8 @@ bool send_ans_key(node_t *to) {
 	return false;
 #else
 	size_t keylen = myself->incipher ? cipher_keylength(myself->incipher) : 1;
-	char *key = alloca(keylen * 2 + 1);
+	size_t keyhexlen = HEX_SIZE(keylen);
+	char *key = alloca(keyhexlen);
 
 	randomize(key, keylen);
 
@@ -386,12 +389,16 @@ bool send_ans_key(node_t *to) {
 
 	to->status.validkey_in = true;
 
-	return send_request(to->nexthop->connection, "%d %s %s %s %d %d %lu %d", ANS_KEY,
-	                    myself->name, to->name, key,
-	                    cipher_get_nid(to->incipher),
-	                    digest_get_nid(to->indigest),
-	                    (unsigned long)digest_length(to->indigest),
-	                    to->incompression);
+	bool sent = send_request(to->nexthop->connection, "%d %s %s %s %d %d %lu %d", ANS_KEY,
+	                         myself->name, to->name, key,
+	                         cipher_get_nid(to->incipher),
+	                         digest_get_nid(to->indigest),
+	                         (unsigned long)digest_length(to->indigest),
+	                         to->incompression);
+
+	memzero(key, keyhexlen);
+
+	return sent;
 #endif
 }