projects / oweals / tinc.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738)
[oweals/tinc.git] / src / protocol_edge.c
diff --git a/src/protocol_edge.c b/src/protocol_edge.c
index be48e0d4bb470aefbcb9589784b443b634cc1c7a..a1cf640973a697d0e6709a88d2415edcb3c59170 100644 (file)
--- a/src/protocol_edge.c
+++ b/src/protocol_edge.c
@@ -70,7 +70,7 @@ bool add_edge_h(connection_t *c) {
 
        /* Check if names are valid */
 
-       if(!check_id(from_name) || !check_id(to_name)) {
+       if(!check_id(from_name) || !check_id(to_name) || !strcmp(from_name, to_name)) {
                logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ADD_EDGE", c->name,
                       c->hostname, "invalid name");
                return false;
@@ -197,7 +197,7 @@ bool del_edge_h(connection_t *c) {
 
        /* Check if names are valid */
 
-       if(!check_id(from_name) || !check_id(to_name)) {
+       if(!check_id(from_name) || !check_id(to_name) || !strcmp(from_name, to_name)) {
                logger(LOG_ERR, "Got bad %s from %s (%s): %s", "DEL_EDGE", c->name,
                       c->hostname, "invalid name");
                return false;
Unnamed repository; edit this file 'description' to name the repository.