Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738)

[tinc] / src / protocol_auth.c

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 95bb751..15807c3 100644 (file)
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -60,7 +60,7 @@ bool id_h(connection_t *c) {
 
        /* Check if identity is a valid name */
 
-       if(!check_id(name)) {
+       if(!check_id(name) || !strcmp(name, myself->name)) {
                logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ID", c->name,
                       c->hostname, "invalid name");
                return false;
@@ -96,6 +96,11 @@ bool id_h(connection_t *c) {
                }
 
                c->allow_request = ACK;
+
+               if(!c->outgoing) {
+                       send_id(c);
+               }
+
                return send_ack(c);
        }
 
@@ -115,6 +120,10 @@ bool id_h(connection_t *c) {
 
        c->allow_request = METAKEY;
 
+       if(!c->outgoing) {
+               send_id(c);
+       }
+
        return send_metakey(c);
 }
 
@@ -301,7 +310,8 @@ bool metakey_h(connection_t *c) {
                c->inbudget = byte_budget(c->incipher);
                c->status.decryptin = true;
        } else {
-               c->incipher = NULL;
+               logger(LOG_ERR, "%s (%s) uses null cipher!", c->name, c->hostname);
+               return false;
        }
 
        c->inmaclength = maclength;
@@ -319,7 +329,8 @@ bool metakey_h(connection_t *c) {
                        return false;
                }
        } else {
-               c->indigest = NULL;
+               logger(LOG_ERR, "%s (%s) uses null digest!", c->name, c->hostname);
+               return false;
        }
 
        c->incompression = compression;
@@ -393,7 +404,11 @@ bool challenge_h(connection_t *c) {
 
        /* Rest is done by send_chal_reply() */
 
-       return send_chal_reply(c);
+       if(c->outgoing) {
+               return send_chal_reply(c);
+       } else {
+               return true;
+       }
 }
 
 bool send_chal_reply(connection_t *c) {
@@ -495,6 +510,10 @@ bool chal_reply_h(connection_t *c) {
 
        c->allow_request = ACK;
 
+       if(!c->outgoing) {
+               send_chal_reply(c);
+       }
+
        return send_ack(c);
 }