X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/59533c169a94f1a4d0eec39e72c0594b8dd57ab9..94c61b9cd7bf02f4cebfe0fb580db61e6e8bf636:/site.c
diff --git a/site.c b/site.c
index 624752c..4d3a612 100644
--- a/site.c
+++ b/site.c
@@ -628,7 +628,6 @@ static bool_t generate_msg5(struct site *st)
 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
 /* Give the netlink code an opportunity to put its own stuff in the message (configuration information, etc.) */
- st->netlink->output_config(st->netlink->st,&st->buffer);
 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
 st->new_transform->forwards(st->new_transform->st,&st->buffer, &transform_err);
@@ -660,11 +659,8 @@ static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
 return False;
 }
- if (!st->netlink->check_config(st->netlink->st,msg5)) {
- slog(st,LOG_SEC,"MSG5/PING packet contained bad netlink config");
- return False;
- }
- CHECK_EMPTY(msg5);
+ /* Older versions of secnet used to write some config data here
+ * which we ignore. So we don't CHECK_EMPTY */
 return True;
 }
@@ -677,7 +673,6 @@ static bool_t generate_msg6(struct site *st)
 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
 /* Give the netlink code an opportunity to put its own stuff in the message (configuration information, etc.) */
- st->netlink->output_config(st->netlink->st,&st->buffer);
 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
 st->new_transform->forwards(st->new_transform->st,&st->buffer, &transform_err);
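Review bot: The comment `/* Give the netlink code an opportunity to put its own stuff in the message (configuration information, etc.) */` is left in place although the `output_config` call it introduces is exactly the line removed here, so it now describes nothing; the same stale comment survives in generate_msg6 (the hunk at -677). I'd replace it in both places with `/* Nothing is written before the label any more; older secnets put netlink config data here, which the receiving side now ignores */`. The `max_start_pad+(4*4)` reserve in buffer_init was presumably sized with that config data in mind — harmless if it is now larger than needed, but worth a word in the same comment if so. Both functions continue outside the hunk.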
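Review bot: With CHECK_EMPTY gone, trailing bytes in MSG5 are accepted without any trace, so an operator has no way to notice a peer still sending the old netlink config data, while every other anomaly in this function is reported through slog. One line before `return True;`, e.g. `if (msg5->size) slog(st,LOG_SEC,"MSG5/PING packet carried legacy config data (ignored)");` (at a debug level instead of LOG_SEC if slog has one), keeps the compatibility behaviour but makes it visible; the same applies to process_msg6 in the hunk at -709. The new comment could also say that the former check_config comparison was dropped on purpose, so nobody reinstates it later as a "missing check". process_msg5 starts outside the hunk.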
@@ -709,34 +704,36 @@ static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
 return False;
 }
- if (!st->netlink->check_config(st->netlink->st,msg6)) {
- slog(st,LOG_SEC,"MSG6/PONG packet contained bad netlink config");
- return False;
- }
- CHECK_EMPTY(msg6);
+ /* Older versions of secnet used to write some config data here
+ * which we ignore. So we don't CHECK_EMPTY */
 return True;
 }
+static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0)
+{
+ cstring_t transform_err;
+ struct msg0 m;
+ uint32_t problem;
+
+ if (!unpick_msg0(st,msg0,&m)) return False;
+
+ problem = st->current_transform->reverse(st->current_transform->st,
+ msg0,&transform_err);
+ if (!problem) return True;
+
+ slog(st,LOG_SEC,"transform: %s",transform_err);
+ initiate_key_setup(st,"incoming message would not decrypt");
+ return False;
+}
+
 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
 const struct comm_addr *src)
 {
- struct msg0 m;
- cstring_t transform_err;
 uint32_t type;
- if (!st->current_valid) {
- slog(st,LOG_DROP,"incoming message but no current key -> dropping");
- return initiate_key_setup(st,"incoming message but no current key");
- }
-
- if (!unpick_msg0(st,msg0,&m)) return False;
+ if (!decrypt_msg0(st,msg0))
+ return False;
- if (st->current_transform->reverse(st->current_transform->st,
- msg0,&transform_err)) {
- /* There's a problem */
- slog(st,LOG_SEC,"transform: %s",transform_err);
- return initiate_key_setup(st,"incoming message would not decrypt");
- }
 CHECK_AVAIL(msg0,4);
 type=buf_unprepend_uint32(msg0);
 switch(type) {
@@ -1121,6 +1118,9 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf,
 const struct comm_addr *source)
 {
 struct site *st=sst;
+
+ if (buf->size < 12) return False;
+
 uint32_t dest=ntohl(*(uint32_t *)buf->start);
 if (dest==0) {
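Review bot: The `if (!st->current_valid)` guard that process_msg0 applied before using st->current_transform is deleted here and is not carried into decrypt_msg0, so unless the caller now checks current_valid first (site_incoming's call site is outside this hunk), decrypt_msg0 will call reverse() on a transform that may never have been keyed. If the check moved to the caller, a precondition comment at the top of decrypt_msg0, `/* Caller must have checked st->current_valid */`, should record that; if it did not, the guard belongs at the top of decrypt_msg0. A smaller behavioural difference: the old path returned whatever initiate_key_setup() returned on a decrypt failure, whereas decrypt_msg0 ignores that value and always returns False — fine if intended, but worth a line in the commit message. The `problem` temporary could also go in favour of testing the reverse() call directly, matching how unpick_msg0 is treated two lines above.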
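Review bot: The new length check `if (buf->size < 12) return False;` uses a bare 12 and drops the packet silently, unlike the other drop paths in this file, which explain themselves with slog(st,LOG_DROP,...). Presumably 12 covers the three uint32_t words the code after it reads, starting with dest; naming that and logging the drop would read as `if (buf->size < 12) { /* three uint32_t header words */ slog(st,LOG_DROP,"packet too short for header"); return False; }`. The cast `*(uint32_t *)buf->start` on the next line predates this change, but unless buffer_if guarantees alignment it is an unaligned, aliasing-violating read; a memcpy into a uint32_t is the portable form. site_incoming continues outside the hunk.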
@@ -1339,15 +1339,16 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
 list_t *comms_cfg=dict_lookup(dict,"comm");
- if (!comms_cfg) cfgfatal(loc,"site","closure list \"comm\" not found");
+ if (!comms_cfg) cfgfatal(loc,"site","closure list \"comm\" not found\n");
 st->ncomms=list_length(comms_cfg);
 st->comms=safe_malloc_ary(sizeof(*st->comms),st->ncomms,"comms");
 assert(st->ncomms);
 for (i=0; incomms; i++) {
 item_t *item=list_elem(comms_cfg,i);
- if (item->type!=t_closure) cfgfatal(loc,"site","comm is not a closure");
+ if (item->type!=t_closure)
+ cfgfatal(loc,"site","comm is not a closure\n");
 closure_t *cl=item->data.closure;
- if (cl->type!=CL_COMM) cfgfatal(loc,"site","comm closure wrong type");
+ if (cl->type!=CL_COMM) cfgfatal(loc,"site","comm closure wrong type\n");
 st->comms[i]=cl->interface;
 }
@@ -1599,7 +1600,7 @@ static void transport_peers_copy(struct site *st, transport_peers *dst,
 dst->npeers=src->npeers;
 memcpy(dst->peers, src->peers, sizeof(*dst->peers) * dst->npeers);
 transport_peers_debug(st,dst,"copy",
- src->npeers, &src->peers->addr, sizeof(src->peers));
+ src->npeers, &src->peers->addr, sizeof(*src->peers));
 }
 void transport_xmit(struct site *st, transport_peers *peers,
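Review bot: `assert(st->ncomms)`, two lines below the cfgfatal calls this hunk touches, turns an empty "comm" list — a configuration mistake just like the ones around it — into an assertion failure without the location that cfgfatal reports; `if (!st->ncomms) cfgfatal(loc,"site","closure list \"comm\" is empty\n");` in its place would be consistent with the rest of the loop. The trailing-newline fix is applied only to the three messages here; other cfgfatal calls in site_apply are outside the hunk and may need the same treatment. site_apply continues on both sides of the hunk.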
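Review bot: The corrected sizeof(*src->peers) now agrees with the memcpy above, but that memcpy still trusts src->npeers to fit within dst->peers; the declaration of transport_peers is outside this hunk, so if both are the same fixed-size array the copy is safe, otherwise a bound check before the memcpy is needed. If it is the former, a one-line comment on the memcpy, `/* peers[] has the same fixed size on both sides; npeers never exceeds it */`, would save the next reader the same question. transport_peers_copy starts outside the hunk.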