X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=6e31b5e89696e79ad6c71cc4ab7ff2efa088cb4c;hb=3a316823b971396a428f020f401b9fe41252d98d;hp=83851f2373e349db287ea244590ca501cb8e2bce;hpb=1a7a9078c093f77950192c32be009bbe463fe372;p=tinc

diff --git a/src/protocol_key.c b/src/protocol_key.c
index 83851f23..6e31b5e8 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -1,7 +1,7 @@
 /*
     protocol_key.c -- handle the meta-protocol, key exchange
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2014 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -36,6 +36,7 @@
 static bool mykeyused = false;
 
 void send_key_changed(void) {
+#ifndef DISABLE_LEGACY
 	send_request(everyone, "%d %x %s", KEY_CHANGED, rand(), myself->name);
 
 	/* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
@@ -43,6 +44,7 @@ void send_key_changed(void) {
 	for list_each(connection_t, c, connection_list)
 		if(c->edge && c->node && c->node->status.reachable && !c->node->status.sptps)
 			send_ans_key(c->node);
+#endif
 
 	/* Force key exchange for connections using SPTPS */
 
@@ -108,13 +110,13 @@ bool send_req_key(node_t *to) {
 		}
 
 		char label[25 + strlen(myself->name) + strlen(to->name)];
-		snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name);
+		snprintf(label, sizeof(label), "tinc UDP key expansion %s %s", myself->name, to->name);
 		sptps_stop(&to->sptps);
 		to->status.validkey = false;
 		to->status.waitingforkey = true;
 		to->last_req_key = now.tv_sec;
 		to->incompression = myself->incompression;
-		return sptps_start(&to->sptps, to, true, true, myself->connection->ecdsa, to->ecdsa, label, sizeof label, send_initial_sptps_data, receive_sptps_record);
+		return sptps_start(&to->sptps, to, true, true, myself->connection->ecdsa, to->ecdsa, label, sizeof(label), send_initial_sptps_data, receive_sptps_record);
 	}
 
 	return send_request(to->nexthop->connection, "%d %s %s", REQ_KEY, myself->name, to->name);
@@ -217,12 +219,12 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, no
 			}
 
 			char label[25 + strlen(from->name) + strlen(myself->name)];
-			snprintf(label, sizeof label, "tinc UDP key expansion %s %s", from->name, myself->name);
+			snprintf(label, sizeof(label), "tinc UDP key expansion %s %s", from->name, myself->name);
 			sptps_stop(&from->sptps);
 			from->status.validkey = false;
 			from->status.waitingforkey = true;
 			from->last_req_key = now.tv_sec;
-			sptps_start(&from->sptps, from, false, true, myself->connection->ecdsa, from->ecdsa, label, sizeof label, send_sptps_data_myself, receive_sptps_record);
+			sptps_start(&from->sptps, from, false, true, myself->connection->ecdsa, from->ecdsa, label, sizeof(label), send_sptps_data_myself, receive_sptps_record);
 			sptps_receive_data(&from->sptps, buf, len);
 			send_mtu_info(myself, from, MTU);
 			return true;
@@ -354,7 +356,7 @@ bool ans_key_h(connection_t *c, const char *request) {
 	char key[MAX_STRING_SIZE];
 	char address[MAX_STRING_SIZE] = "";
 	char port[MAX_STRING_SIZE] = "";
-	int cipher, digest, maclength, compression, keylen;
+	int cipher, digest, maclength, compression;
 	node_t *from, *to;
 
 	if(sscanf(request, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d "MAX_STRING" "MAX_STRING,
@@ -398,7 +400,7 @@ bool ans_key_h(connection_t *c, const char *request) {
 			return true;
 		}
 
-		if(!*address && from->address.sa.sa_family != AF_UNSPEC) {
+		if(!*address && from->address.sa.sa_family != AF_UNSPEC && to->minmtu) {
 			char *address, *port;
 			logger(DEBUG_PROTOCOL, LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name);
 			sockaddr2str(&from->address, &address, &port);
@@ -416,7 +418,7 @@ bool ans_key_h(connection_t *c, const char *request) {
 	cipher_close(from->outcipher);
 	digest_close(from->outdigest);
 #endif
-	from->status.validkey = false;
+	if (!from->status.sptps) from->status.validkey = false;
 
 	if(compression < 0 || compression > 11) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname);
@@ -487,7 +489,7 @@ bool ans_key_h(connection_t *c, const char *request) {
 
 	/* Process key */
 
-	keylen = hex2bin(key, key, sizeof key);
+	int keylen = hex2bin(key, key, sizeof(key));
 
 	if(keylen != (from->outcipher ? cipher_keylength(from->outcipher) : 1)) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);