*/
{
/* decrypted challenge/session key buffer */
- unsigned char crypt_buf[1024];
+ unsigned char *crypt_buf;
struct sb_buffer sbb;
ret = recv_sb(ct, &sbb);
}
n = sbb.iov.iov_len;
PARA_INFO_LOG("<-- [challenge] (%zu bytes)\n", n);
- ret = apc_priv_decrypt(ct->key_file, crypt_buf,
+ ret = apc_priv_decrypt(ct->key_file, &crypt_buf,
sbb.iov.iov_base, n);
free(sbb.iov.iov_base);
if (ret < 0)
goto out;
+ if (ret != APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN) {
+ free(crypt_buf);
+ ret = -E_DECRYPT;
+ goto out;
+ }
ct->challenge_hash = alloc(HASH2_SIZE);
if (has_feature("sha256", ct)) {
hash2_function((char *)crypt_buf, APC_CHALLENGE_SIZE,
SESSION_KEY_LEN);
ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE
+ SESSION_KEY_LEN, SESSION_KEY_LEN);
+ free(crypt_buf);
PARA_INFO_LOG("--> %s\n", buf);
ct->status = CL_RECEIVED_CHALLENGE;
return 0;
const char *confdir = get_confdir();
kf = make_message("%s/key.%s", confdir, user);
if (stat(kf, &statbuf) != 0) { /* assume file does not exist */
+ const char *home = getenv("HOME");
+ if (!home || !*home) {
+ ret = -ERRNO_TO_PARA_ERROR(EINVAL);
+ errctx = make_message("HOME unset or empty");
+ goto out;
+ }
free(kf);
- kf = make_message("%s/.ssh/id_rsa", confdir);
+ kf = make_message("%s/.ssh/id_rsa", home);
}
}
PARA_INFO_LOG("user: %s\n", user);