X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=385e54366dbd1bb4bad446446df0687503baf576;hp=d5b702d90bb4b49dfb4c4fb4a749921f5bf8029d;hb=8794274a30d535d49636fec825a0afbf30d8010d;hpb=5a161e86cf35351f5274d7a8e17fef4630b40686 diff --git a/src/protocol_auth.c b/src/protocol_auth.c index d5b702d9..385e5436 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -1,7 +1,7 @@ /* protocol_auth.c -- handle the meta-protocol, authentication Copyright (C) 1999-2005 Ivo Timmermans, - 2000-2012 Guus Sliepen + 2000-2013 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -126,7 +126,7 @@ static bool send_proxyrequest(connection_t *c) { } bool send_id(connection_t *c) { - if(proxytype) + if(proxytype && c->outgoing) if(!send_proxyrequest(c)) return false; @@ -215,7 +215,7 @@ bool send_metakey(connection_t *c) { /* Copy random data to the buffer */ - RAND_pseudo_bytes((unsigned char *)c->outkey, len); + RAND_bytes((unsigned char *)c->outkey, len); /* The message we send must be smaller than the modulus of the RSA key. By definition, for a key of k bits, the following formula holds: @@ -244,7 +244,7 @@ bool send_metakey(connection_t *c) { */ if(RSA_public_encrypt(len, (unsigned char *)c->outkey, (unsigned char *)buffer, c->rsa_key, RSA_NO_PADDING) != len) { - logger(LOG_ERR, "Error during encryption of meta key for %s (%s) %s", + logger(LOG_ERR, "Error during encryption of meta key for %s (%s): %s", c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); return false; } @@ -308,12 +308,15 @@ bool metakey_h(connection_t *c) { /* Convert the challenge from hexadecimal back to binary */ - hex2bin(buffer, buffer, len); + if(!hex2bin(buffer, buffer, len)) { + logger(LOG_ERR, "Got bad %s from %s(%s): %s", "METAKEY", c->name, c->hostname, "invalid key"); + return false; + } /* Decrypt the meta key */ if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */ - logger(LOG_ERR, "Error during decryption of meta key for %s (%s) %s", + logger(LOG_ERR, "Error during decryption of meta key for %s (%s): %s", c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); return false; } @@ -388,7 +391,7 @@ bool send_challenge(connection_t *c) { /* Copy random data to the buffer */ - RAND_pseudo_bytes((unsigned char *)c->hischallenge, len); + RAND_bytes((unsigned char *)c->hischallenge, len); /* Convert to hex */ @@ -426,7 +429,10 @@ bool challenge_h(connection_t *c) { /* Convert the challenge from hexadecimal back to binary */ - hex2bin(buffer, c->mychallenge, len); + if(!hex2bin(buffer, c->mychallenge, len)) { + logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHALLENGE", c->name, c->hostname, "invalid challenge"); + return false; + } c->allow_request = CHAL_REPLY; @@ -480,7 +486,10 @@ bool chal_reply_h(connection_t *c) { /* Convert the hash to binary format */ - hex2bin(hishash, hishash, c->outdigest->md_size); + if(!hex2bin(hishash, hishash, c->outdigest->md_size)) { + logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHAL_REPLY", c->name, c->hostname, "invalid hash"); + return false; + } /* Calculate the hash from the challenge we sent */