GitHub CI: update list of container images

[tinc] / src / protocol_key.c

diff --git a/src/protocol_key.c b/src/protocol_key.c
index 2796c7e..0890755 100644 (file)
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -33,6 +33,7 @@
 #include "utils.h"
 #include "compression.h"
 #include "random.h"
+#include "xalloc.h"
 
 void send_key_changed(void) {
 #ifndef DISABLE_LEGACY
@@ -340,12 +341,16 @@ bool send_ans_key(node_t *to) {
        return false;
 #else
        size_t keylen = myself->incipher ? cipher_keylength(myself->incipher) : 1;
-       char *key = alloca(keylen * 2 + 1);
+       size_t keyhexlen = HEX_SIZE(keylen);
+       char *key = alloca(keyhexlen);
 
        randomize(key, keylen);
 
-       cipher_free(&to->incipher);
-       digest_free(&to->indigest);
+       cipher_free(to->incipher);
+       to->incipher = NULL;
+
+       digest_free(to->indigest);
+       to->indigest = NULL;
 
        if(myself->incipher) {
                to->incipher = cipher_alloc();
@@ -387,12 +392,16 @@ bool send_ans_key(node_t *to) {
 
        to->status.validkey_in = true;
 
-       return send_request(to->nexthop->connection, "%d %s %s %s %d %d %lu %d", ANS_KEY,
-                           myself->name, to->name, key,
-                           cipher_get_nid(to->incipher),
-                           digest_get_nid(to->indigest),
-                           (unsigned long)digest_length(to->indigest),
-                           to->incompression);
+       bool sent = send_request(to->nexthop->connection, "%d %s %s %s %d %d %lu %d", ANS_KEY,
+                                myself->name, to->name, key,
+                                cipher_get_nid(to->incipher),
+                                digest_get_nid(to->indigest),
+                                (unsigned long)digest_length(to->indigest),
+                                to->incompression);
+
+       memzero(key, keyhexlen);
+
+       return sent;
 #endif
 }
 
@@ -464,8 +473,11 @@ bool ans_key_h(connection_t *c, const char *request) {
 
 #ifndef DISABLE_LEGACY
        /* Don't use key material until every check has passed. */
-       cipher_free(&from->outcipher);
-       digest_free(&from->outdigest);
+       cipher_free(from->outcipher);
+       from->outcipher = NULL;
+
+       digest_free(from->outdigest);
+       from->outdigest = NULL;
 #endif
 
        if(!from->status.sptps) {
@@ -564,7 +576,8 @@ bool ans_key_h(connection_t *c, const char *request) {
                from->outcipher = cipher_alloc();
 
                if(!cipher_open_by_nid(from->outcipher, cipher)) {
-                       cipher_free(&from->outcipher);
+                       cipher_free(from->outcipher);
+                       from->outcipher = NULL;
                        logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname);
                        return false;
                }
@@ -576,7 +589,8 @@ bool ans_key_h(connection_t *c, const char *request) {
                from->outdigest = digest_alloc();
 
                if(!digest_open_by_nid(from->outdigest, digest, maclength)) {
-                       digest_free(&from->outdigest);
+                       digest_free(from->outdigest);
+                       from->outdigest = NULL;
                        logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname);
                        return false;
                }