Check validity of Ed25519 key during an upgrade.
authorGuus Sliepen <guus@tinc-vpn.org>
Sun, 7 Dec 2014 16:20:18 +0000 (17:20 +0100)
committerGuus Sliepen <guus@tinc-vpn.org>
Sun, 7 Dec 2014 16:20:18 +0000 (17:20 +0100)
src/protocol_auth.c

index 73a591e..be90d92 100644 (file)
@@ -730,6 +730,12 @@ static bool upgrade_h(connection_t *c, const char *request) {
                return false;
        }
 
+       c->ecdsa = ecdsa_set_base64_public_key(pubkey);
+       if(!c->ecdsa) {
+               logger(DEBUG_ALWAYS, LOG_INFO, "Got bad Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname);
+               return false;
+       }
+
        logger(DEBUG_ALWAYS, LOG_INFO, "Got Ed25519 public key from %s (%s), upgrading!", c->name, c->hostname);
        append_config_file(c->name, "Ed25519PublicKey", pubkey);
        c->allow_request = TERMREQ;
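Review bot: The added `ecdsa_set_base64_public_key(pubkey)` check shows only that the peer's string parses as a key, and nothing in the hunk says where trust in that key comes from before `append_config_file` persists it to the host config. I would add a comment above the parse, such as `/* Parse before persisting so a malformed key never reaches the host config; this checks well-formedness only, authenticity presumably rests on the legacy authentication done earlier (confirm). */`. The rejection branch also logs at `LOG_INFO`, the same level as the success message, so a peer sending a bad key during upgrade is easy to miss in filtered logs; `LOG_ERR` (or `LOG_WARNING`) would suit that branch better. The start of `upgrade_h` and the rest of its body are outside the hunk, so whether `c->ecdsa` can already be set when it is assigned here cannot be judged from these lines.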