Prevent oracle attacks in the legacy protocol (CVE-2018-16737, CVE-2018-16738)

[tinc] / src / protocol.c

diff --git a/src/protocol.c b/src/protocol.c
index 941459c..c7dd8fb 100644 (file)
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -36,7 +36,7 @@ bool experimental = true;
 
 static bool (*request_handlers[])(connection_t *, const char *) = {
        id_h, metakey_h, challenge_h, chal_reply_h, ack_h,
-       status_h, error_h, termreq_h,
+       NULL, NULL, termreq_h,
        ping_h, pong_h,
        add_subnet_h, del_subnet_h,
        add_edge_h, del_edge_h,
@@ -82,7 +82,8 @@ bool send_request(connection_t *c, const char *format, ...) {
                return false;
        }
 
-       logger(DEBUG_META, LOG_DEBUG, "Sending %s to %s (%s): %s", request_name[atoi(request)], c->name, c->hostname, request);
+       int id = atoi(request);
+       logger(DEBUG_META, LOG_DEBUG, "Sending %s to %s (%s): %s", request_name[id], c->name, c->hostname, request);
 
        request[len++] = '\n';
 
@@ -90,7 +91,12 @@ bool send_request(connection_t *c, const char *format, ...) {
                broadcast_meta(NULL, request, len);
                return true;
        } else {
-               return send_meta(c, request, len);
+               if(id) {
+                       return send_meta(c, request, len);
+               } else {
+                       send_meta_raw(c, request, len);
+                       return true;
+               }
        }
 }