int ret;
unsigned char rand_buf[APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN];
unsigned char challenge_hash[HASH2_SIZE];
- char *command = NULL, *buf = alloc(HANDSHAKE_BUFSIZE) /* must be on the heap */;
+ char *command = NULL, *buf = NULL, hsbuf[HANDSHAKE_BUFSIZE];
+ unsigned char *crypt_buf;
size_t numbytes;
struct command_context cc_struct = {.u = NULL}, *cc = &cc_struct;
struct iovec iov;
if (ret < 0)
goto net_err;
/* recv auth request line */
- ret = recv_buffer(fd, buf, HANDSHAKE_BUFSIZE);
+ ret = recv_buffer(fd, hsbuf, HANDSHAKE_BUFSIZE);
if (ret < 0)
goto net_err;
- ret = parse_auth_request(buf, ret, &cc->u, &cf);
+ ret = parse_auth_request(hsbuf, ret, &cc->u, &cf);
if (ret < 0)
goto net_err;
if (cc->u) {
get_random_bytes_or_die(rand_buf, sizeof(rand_buf));
ret = apc_pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf),
- (unsigned char *)buf);
+ &crypt_buf);
if (ret < 0)
goto net_err;
numbytes = ret;
* fail the authentication later.
*/
numbytes = 256;
- get_random_bytes_or_die((unsigned char *)buf, numbytes);
+ crypt_buf = alloc(numbytes);
+ get_random_bytes_or_die(crypt_buf, numbytes);
}
PARA_DEBUG_LOG("sending %d byte challenge + session key (%zu bytes)\n",
APC_CHALLENGE_SIZE, numbytes);
- ret = send_sb(&cc->scc, buf, numbytes, SBD_CHALLENGE, false);
- buf = NULL;
+ ret = send_sb(&cc->scc, crypt_buf, numbytes, SBD_CHALLENGE, false);
if (ret < 0)
goto net_err;
ret = recv_sb(&cc->scc, SBD_CHALLENGE_RESPONSE,