197 lines
4.6 KiB
Text
197 lines
4.6 KiB
Text
$NetBSD: patch-aa,v 1.2 2005/06/17 15:32:44 hira Exp $
|
|
|
|
--- src/protocol_auth.c Fri May 27 14:28:54 2005
|
|
+++ src/protocol_auth.c Fri May 27 14:28:30 2005
|
|
@@ -118,7 +118,7 @@
|
|
|
|
bool send_metakey(connection_t *c)
|
|
{
|
|
- char buffer[MAX_STRING_SIZE];
|
|
+ char *buffer;
|
|
int len;
|
|
bool x;
|
|
|
|
@@ -129,10 +129,11 @@
|
|
/* Allocate buffers for the meta key */
|
|
|
|
if(!c->outkey)
|
|
- c->outkey = xmalloc(len);
|
|
+ c->outkey = xmalloc_and_zero(len);
|
|
|
|
if(!c->outctx)
|
|
c->outctx = xmalloc_and_zero(sizeof(*c->outctx));
|
|
+ buffer = xmalloc_and_zero(2 * len + 1);
|
|
cp();
|
|
/* Copy random data to the buffer */
|
|
|
|
@@ -167,6 +168,7 @@
|
|
if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) {
|
|
logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"),
|
|
c->name, c->hostname);
|
|
+ free(buffer);
|
|
return false;
|
|
}
|
|
|
|
@@ -191,35 +193,45 @@
|
|
c->outcipher->iv_len)) {
|
|
logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
|
|
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
|
+ free(buffer);
|
|
return false;
|
|
}
|
|
|
|
c->status.encryptout = true;
|
|
}
|
|
|
|
+ free(buffer);
|
|
return x;
|
|
}
|
|
|
|
bool metakey_h(connection_t *c)
|
|
{
|
|
- char buffer[MAX_STRING_SIZE];
|
|
+ char *buffer, fmt[513];
|
|
int cipher, digest, maclength, compression;
|
|
int len;
|
|
|
|
cp();
|
|
|
|
- if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) {
|
|
+ len = RSA_size(myself->connection->rsa_key);
|
|
+ buffer = xmalloc(2 * len + 1);
|
|
+ memset(buffer, 0, 2 * len + 1);
|
|
+
|
|
+ memset(fmt, 0, 513);
|
|
+ snprintf(fmt, 512, "%%*d %%d %%d %%d %%d %%%ds", 2 * len);
|
|
+
|
|
+ if(sscanf(c->buffer, fmt, &cipher, &digest, &maclength, &compression, buffer) != 5) {
|
|
logger(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name,
|
|
c->hostname);
|
|
+ free(buffer);
|
|
return false;
|
|
}
|
|
|
|
- len = RSA_size(myself->connection->rsa_key);
|
|
|
|
/* Check if the length of the meta key is all right */
|
|
|
|
if(strlen(buffer) != len * 2) {
|
|
logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength");
|
|
+ free(buffer);
|
|
return false;
|
|
}
|
|
|
|
@@ -240,6 +252,7 @@
|
|
if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */
|
|
logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"),
|
|
c->name, c->hostname);
|
|
+ free(buffer);
|
|
return false;
|
|
}
|
|
|
|
@@ -258,6 +271,7 @@
|
|
|
|
if(!c->incipher) {
|
|
logger(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname);
|
|
+ free(buffer);
|
|
return false;
|
|
}
|
|
|
|
@@ -267,6 +281,7 @@
|
|
c->incipher->iv_len)) {
|
|
logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"),
|
|
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
|
+ free(buffer);
|
|
return false;
|
|
}
|
|
|
|
@@ -282,11 +297,13 @@
|
|
|
|
if(!c->indigest) {
|
|
logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname);
|
|
+ free(buffer);
|
|
return false;
|
|
}
|
|
|
|
if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) {
|
|
logger(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname);
|
|
+ free(buffer);
|
|
return false;
|
|
}
|
|
} else {
|
|
@@ -297,19 +314,22 @@
|
|
|
|
c->allow_request = CHALLENGE;
|
|
|
|
+ free(buffer);
|
|
return send_challenge(c);
|
|
}
|
|
|
|
bool send_challenge(connection_t *c)
|
|
{
|
|
- char buffer[MAX_STRING_SIZE];
|
|
+ char *buffer;
|
|
int len;
|
|
+ bool ret;
|
|
|
|
cp();
|
|
|
|
/* CHECKME: what is most reasonable value for len? */
|
|
|
|
len = RSA_size(c->rsa_key);
|
|
+ buffer = xmalloc_and_zero(2 * len + 1);
|
|
|
|
/* Allocate buffers for the challenge */
|
|
|
|
@@ -327,29 +347,37 @@
|
|
|
|
/* Send the challenge */
|
|
|
|
- return send_request(c, "%d %s", CHALLENGE, buffer);
|
|
+ ret = send_request(c, "%d %s", CHALLENGE, buffer);
|
|
+
|
|
+ free(buffer);
|
|
+
|
|
+ return ret;
|
|
}
|
|
|
|
bool challenge_h(connection_t *c)
|
|
{
|
|
- char buffer[MAX_STRING_SIZE];
|
|
- int len;
|
|
+ char *buffer, fmt[513];
|
|
+ int len = RSA_size(myself->connection->rsa_key);
|
|
|
|
cp();
|
|
|
|
- if(sscanf(c->buffer, "%*d " MAX_STRING, buffer) != 1) {
|
|
+ buffer = xmalloc(2 * len + 1);
|
|
+ memset(fmt, 0, 513);
|
|
+ snprintf(fmt, 512, "%%*d %%%ds", 2*len);
|
|
+
|
|
+ if(sscanf(c->buffer, fmt, buffer) != 1) {
|
|
logger(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name,
|
|
c->hostname);
|
|
+ free(buffer);
|
|
return false;
|
|
}
|
|
|
|
- len = RSA_size(myself->connection->rsa_key);
|
|
-
|
|
/* Check if the length of the challenge is all right */
|
|
|
|
if(strlen(buffer) != len * 2) {
|
|
logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name,
|
|
c->hostname, "wrong challenge length");
|
|
+ free(buffer);
|
|
return false;
|
|
}
|
|
|
|
@@ -366,6 +394,7 @@
|
|
|
|
/* Rest is done by send_chal_reply() */
|
|
|
|
+ free(buffer);
|
|
return send_chal_reply(c);
|
|
}
|
|
|