| @@ -1,16 +1,16 @@ | | | @@ -1,16 +1,16 @@ |
1 | $NetBSD: patch-aa,v 1.3 2007/04/21 15:19:01 obache Exp $ | | 1 | $NetBSD: patch-aa,v 1.4 2009/04/18 19:27:11 tonnerre Exp $ |
2 | | | 2 | |
3 | --- src/protocol_auth.c.orig 2006-04-26 13:53:05.000000000 +0000 | | 3 | --- src/protocol_auth.c.orig 2008-12-22 21:35:45.000000000 +0100 |
4 | +++ src/protocol_auth.c | | 4 | +++ src/protocol_auth.c |
5 | @@ -128,10 +128,10 @@ bool send_metakey(connection_t *c) | | 5 | @@ -128,10 +128,10 @@ bool send_metakey(connection_t *c) |
6 | | | 6 | |
7 | /* Allocate buffers for the meta key */ | | 7 | /* Allocate buffers for the meta key */ |
8 | | | 8 | |
9 | - buffer = alloca(2 * len + 1); | | 9 | - buffer = alloca(2 * len + 1); |
10 | + buffer = xmalloc_and_zero(2 * len + 1); | | 10 | + buffer = xmalloc_and_zero(2 * len + 1); |
11 | | | 11 | |
12 | if(!c->outkey) | | 12 | if(!c->outkey) |
13 | - c->outkey = xmalloc(len); | | 13 | - c->outkey = xmalloc(len); |
14 | + c->outkey = xmalloc_and_zero(len); | | 14 | + c->outkey = xmalloc_and_zero(len); |
15 | | | 15 | |
16 | if(!c->outctx) | | 16 | if(!c->outctx) |
| @@ -62,90 +62,82 @@ $NetBSD: patch-aa,v 1.3 2007/04/21 15:19 | | | @@ -62,90 +62,82 @@ $NetBSD: patch-aa,v 1.3 2007/04/21 15:19 |
62 | return false; | | 62 | return false; |
63 | } | | 63 | } |
64 | | | 64 | |
65 | - len = RSA_size(myself->connection->rsa_key); | | 65 | - len = RSA_size(myself->connection->rsa_key); |
66 | | | 66 | |
67 | /* Check if the length of the meta key is all right */ | | 67 | /* Check if the length of the meta key is all right */ |
68 | | | 68 | |
69 | if(strlen(buffer) != len * 2) { | | 69 | if(strlen(buffer) != len * 2) { |
70 | logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); | | 70 | logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); |
71 | + free(buffer); | | 71 | + free(buffer); |
72 | return false; | | 72 | return false; |
73 | } | | 73 | } |
74 | | | 74 | |
75 | @@ -242,6 +253,7 @@ bool metakey_h(connection_t *c) | | 75 | @@ -260,6 +271,7 @@ bool metakey_h(connection_t *c) |
76 | if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */ | | | |
77 | logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), | | | |
78 | c->name, c->hostname); | | | |
79 | + free(buffer); | | | |
80 | return false; | | | |
81 | } | | | |
82 | | | | |
83 | @@ -260,6 +272,7 @@ bool metakey_h(connection_t *c) | | | |
84 | | | 76 | |
85 | if(!c->incipher) { | | 77 | if(!c->incipher) { |
86 | logger(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); | | 78 | logger(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); |
87 | + free(buffer); | | 79 | + free(buffer); |
88 | return false; | | 80 | return false; |
89 | } | | 81 | } |
90 | | | 82 | |
91 | @@ -269,6 +282,7 @@ bool metakey_h(connection_t *c) | | 83 | @@ -269,6 +281,7 @@ bool metakey_h(connection_t *c) |
92 | c->incipher->iv_len)) { | | 84 | c->incipher->iv_len)) { |
93 | logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"), | | 85 | logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"), |
94 | c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); | | 86 | c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); |
95 | + free(buffer); | | 87 | + free(buffer); |
96 | return false; | | 88 | return false; |
97 | } | | 89 | } |
98 | | | 90 | |
99 | @@ -284,11 +298,13 @@ bool metakey_h(connection_t *c) | | 91 | @@ -284,11 +297,13 @@ bool metakey_h(connection_t *c) |
100 | | | 92 | |
101 | if(!c->indigest) { | | 93 | if(!c->indigest) { |
102 | logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); | | 94 | logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); |
103 | + free(buffer); | | 95 | + free(buffer); |
104 | return false; | | 96 | return false; |
105 | } | | 97 | } |
106 | | | 98 | |
107 | if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) { | | 99 | if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) { |
108 | logger(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); | | 100 | logger(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); |
109 | + free(buffer); | | 101 | + free(buffer); |
110 | return false; | | 102 | return false; |
111 | } | | 103 | } |
112 | } else { | | 104 | } else { |
113 | @@ -299,6 +315,7 @@ bool metakey_h(connection_t *c) | | 105 | @@ -299,6 +314,7 @@ bool metakey_h(connection_t *c) |
114 | | | 106 | |
115 | c->allow_request = CHALLENGE; | | 107 | c->allow_request = CHALLENGE; |
116 | | | 108 | |
117 | + free(buffer); | | 109 | + free(buffer); |
118 | return send_challenge(c); | | 110 | return send_challenge(c); |
119 | } | | 111 | } |
120 | | | 112 | |
121 | @@ -306,6 +323,7 @@ bool send_challenge(connection_t *c) | | 113 | @@ -306,6 +322,7 @@ bool send_challenge(connection_t *c) |
122 | { | | 114 | { |
123 | char *buffer; | | 115 | char *buffer; |
124 | int len; | | 116 | int len; |
125 | + bool ret; | | 117 | + bool ret; |
126 | | | 118 | |
127 | cp(); | | 119 | cp(); |
128 | | | 120 | |
129 | @@ -315,7 +333,7 @@ bool send_challenge(connection_t *c) | | 121 | @@ -315,7 +332,7 @@ bool send_challenge(connection_t *c) |
130 | | | 122 | |
131 | /* Allocate buffers for the challenge */ | | 123 | /* Allocate buffers for the challenge */ |
132 | | | 124 | |
133 | - buffer = alloca(2 * len + 1); | | 125 | - buffer = alloca(2 * len + 1); |
134 | + buffer = xmalloc_and_zero(2 * len + 1); | | 126 | + buffer = xmalloc_and_zero(2 * len + 1); |
135 | | | 127 | |
136 | if(!c->hischallenge) | | 128 | if(!c->hischallenge) |
137 | c->hischallenge = xmalloc(len); | | 129 | c->hischallenge = xmalloc(len); |
138 | @@ -331,29 +349,37 @@ bool send_challenge(connection_t *c) | | 130 | @@ -331,29 +348,37 @@ bool send_challenge(connection_t *c) |
139 | | | 131 | |
140 | /* Send the challenge */ | | 132 | /* Send the challenge */ |
141 | | | 133 | |
142 | - return send_request(c, "%d %s", CHALLENGE, buffer); | | 134 | - return send_request(c, "%d %s", CHALLENGE, buffer); |
143 | + ret = send_request(c, "%d %s", CHALLENGE, buffer); | | 135 | + ret = send_request(c, "%d %s", CHALLENGE, buffer); |
144 | + | | 136 | + |
145 | + free(buffer); | | 137 | + free(buffer); |
146 | + | | 138 | + |
147 | + return ret; | | 139 | + return ret; |
148 | } | | 140 | } |
149 | | | 141 | |
150 | bool challenge_h(connection_t *c) | | 142 | bool challenge_h(connection_t *c) |
151 | { | | 143 | { |
| @@ -169,21 +161,21 @@ $NetBSD: patch-aa,v 1.3 2007/04/21 15:19 | | | @@ -169,21 +161,21 @@ $NetBSD: patch-aa,v 1.3 2007/04/21 15:19 |
169 | } | | 161 | } |
170 | | | 162 | |
171 | - len = RSA_size(myself->connection->rsa_key); | | 163 | - len = RSA_size(myself->connection->rsa_key); |
172 | - | | 164 | - |
173 | /* Check if the length of the challenge is all right */ | | 165 | /* Check if the length of the challenge is all right */ |
174 | | | 166 | |
175 | if(strlen(buffer) != len * 2) { | | 167 | if(strlen(buffer) != len * 2) { |
176 | logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, | | 168 | logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, |
177 | c->hostname, "wrong challenge length"); | | 169 | c->hostname, "wrong challenge length"); |
178 | + free(buffer); | | 170 | + free(buffer); |
179 | return false; | | 171 | return false; |
180 | } | | 172 | } |
181 | | | 173 | |
182 | @@ -370,6 +396,7 @@ bool challenge_h(connection_t *c) | | 174 | @@ -370,6 +395,7 @@ bool challenge_h(connection_t *c) |
183 | | | 175 | |
184 | /* Rest is done by send_chal_reply() */ | | 176 | /* Rest is done by send_chal_reply() */ |
185 | | | 177 | |
186 | + free(buffer); | | 178 | + free(buffer); |
187 | return send_chal_reply(c); | | 179 | return send_chal_reply(c); |
188 | } | | 180 | } |
189 | | | 181 | |