*/
{
/* decrypted challenge/session key buffer */
- unsigned char crypt_buf[1024];
+ unsigned char *crypt_buf;
struct sb_buffer sbb;
ret = recv_sb(ct, &sbb);
}
n = sbb.iov.iov_len;
PARA_INFO_LOG("<-- [challenge] (%zu bytes)\n", n);
- ret = apc_priv_decrypt(ct->key_file, crypt_buf,
+ ret = apc_priv_decrypt(ct->key_file, &crypt_buf,
sbb.iov.iov_base, n);
free(sbb.iov.iov_base);
if (ret < 0)
goto out;
+ if (ret != APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN) {
+ free(crypt_buf);
+ ret = -E_DECRYPT;
+ goto out;
+ }
ct->challenge_hash = alloc(HASH2_SIZE);
if (has_feature("sha256", ct)) {
- hash2_function((char *)crypt_buf, APC_CHALLENGE_SIZE, ct->challenge_hash);
+ hash2_function((char *)crypt_buf, APC_CHALLENGE_SIZE,
+ ct->challenge_hash);
hash2_to_asc(ct->challenge_hash, buf);
} else {
- hash_function((char *)crypt_buf, APC_CHALLENGE_SIZE, ct->challenge_hash);
+ hash_function((char *)crypt_buf, APC_CHALLENGE_SIZE,
+ ct->challenge_hash);
hash_to_asc(ct->challenge_hash, buf);
}
- ct->scc.send = sc_new(crypt_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN);
- ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN,
- SESSION_KEY_LEN);
+ ct->scc.send = sc_new(crypt_buf + APC_CHALLENGE_SIZE,
+ SESSION_KEY_LEN);
+ ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE
+ + SESSION_KEY_LEN, SESSION_KEY_LEN);
+ free(crypt_buf);
PARA_INFO_LOG("--> %s\n", buf);
ct->status = CL_RECEIVED_CHALLENGE;
return 0;
struct lls_parse_result *lpr;
int ret, ll;
struct client_task *ct;
- char *kf = NULL, *user, *errctx, *home = para_homedir();
+ char *kf = NULL, *user, *errctx;
ret = lls(lls_parse(argc, argv, cmd, &lpr, &errctx));
if (ret < 0)
if (CLIENT_OPT_GIVEN(KEY_FILE, lpr))
kf = para_strdup(CLIENT_OPT_STRING_VAL(KEY_FILE, lpr));
else {
- kf = make_message("%s/.paraslash/key.%s", home, user);
- if (!file_exists(kf)) {
+ struct stat statbuf;
+ const char *confdir = get_confdir();
+ kf = make_message("%s/key.%s", confdir, user);
+ if (stat(kf, &statbuf) != 0) { /* assume file does not exist */
+ const char *home = getenv("HOME");
+ assert(home); /* get_confdir() above succeeded */
free(kf);
kf = make_message("%s/.ssh/id_rsa", home);
}
*ct_ptr = ct;
ret = lls_num_inputs(lpr);
out:
- free(home);
if (ret < 0) {
if (errctx)
PARA_ERROR_LOG("%s\n", errctx);