Prevent possible buffer overflows when using very large (>= 8192 bit) RSA keys.

[oweals/tinc.git] / src / protocol_auth.c

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 8d4b03290b9ecda546bf461dbb8d12d2a705c0cf..c44c6d01ce998cee3a0fc4fe5213d34c492641f8 100644 (file)
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -118,7 +118,7 @@ bool id_h(connection_t *c)
 
 bool send_metakey(connection_t *c)
 {
-       char buffer[MAX_STRING_SIZE];
+       char *buffer;
        int len;
        bool x;
 
@@ -128,6 +128,8 @@ bool send_metakey(connection_t *c)
 
        /* Allocate buffers for the meta key */
 
+       buffer = alloca(2 * len + 1);
+       
        if(!c->outkey)
                c->outkey = xmalloc(len);
 
@@ -302,7 +304,7 @@ bool metakey_h(connection_t *c)
 
 bool send_challenge(connection_t *c)
 {
-       char buffer[MAX_STRING_SIZE];
+       char *buffer;
        int len;
 
        cp();
@@ -313,6 +315,8 @@ bool send_challenge(connection_t *c)
 
        /* Allocate buffers for the challenge */
 
+       buffer = alloca(2 * len + 1);
+
        if(!c->hischallenge)
                c->hischallenge = xmalloc(len);