From 48c87b045ff3143f369c96208b7b318352d309f8 Mon Sep 17 00:00:00 2001
From: Guus Sliepen <guus@meshlink.io>
Date: Mon, 26 Oct 2015 23:06:53 +0100
Subject: [PATCH] Fix incorrect SPTPS session labels.

To prevent a MITM from being able to splice different SPTPS sessions
together, each session has a unique label. snprintf() was used to fill a
buffer with the label, however the buffer was not big enough for the whole
label. Linux made sure the last byte of the buffer was a NUL character,
Windows did not, resulting in the two unable to connect to each other.
---
 src/protocol_auth.c | 12 +++++++-----
 src/protocol_key.c  | 12 ++++++------
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 404a81c8..7a405fe4 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -289,7 +289,9 @@ bool id_h(meshlink_handle_t *mesh, connection_t *c, const char *request) {
 		c->protocol_minor = 2;
 		c->allow_request = 1;
 
-		return sptps_start(&c->sptps, c, false, false, mesh->invitation_key, c->ecdsa, "meshlink invitation", 15, send_meta_sptps, receive_invitation_sptps);
+		static const char label[] = "MeshLink invitation";
+
+		return sptps_start(&c->sptps, c, false, false, mesh->invitation_key, c->ecdsa, label, sizeof label - 1, send_meta_sptps, receive_invitation_sptps);
 	}
 
 	/* Check if identity is a valid name */
@@ -354,14 +356,14 @@ bool id_h(meshlink_handle_t *mesh, connection_t *c, const char *request) {
 	}
 
 	c->allow_request = ACK;
-	char label[25 + strlen(mesh->self->name) + strlen(c->name)];
+	char label[14 + strlen(mesh->self->name) + strlen(c->name) + 1];
 
 	if(c->outgoing)
-		snprintf(label, sizeof label, "meshlink TCP key expansion %s %s", mesh->self->name, c->name);
+		snprintf(label, sizeof label, "MeshLink TCP %s %s", mesh->self->name, c->name);
 	else
-		snprintf(label, sizeof label, "meshlink TCP key expansion %s %s", c->name, mesh->self->name);
+		snprintf(label, sizeof label, "MeshLink TCP %s %s", c->name, mesh->self->name);
 
-	return sptps_start(&c->sptps, c, c->outgoing, false, mesh->self->connection->ecdsa, c->ecdsa, label, sizeof label, send_meta_sptps, receive_meta_sptps);
+	return sptps_start(&c->sptps, c, c->outgoing, false, mesh->self->connection->ecdsa, c->ecdsa, label, sizeof label - 1, send_meta_sptps, receive_meta_sptps);
 }
 
 bool send_ack(meshlink_handle_t *mesh, connection_t *c) {
diff --git a/src/protocol_key.c b/src/protocol_key.c
index 3ae65f0d..7f62b5fa 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -88,14 +88,14 @@ bool send_req_key(meshlink_handle_t *mesh, node_t *to) {
 	if(to->sptps.label)
 		logger(mesh, MESHLINK_DEBUG, "send_req_key(%s) called while sptps->label != NULL!", to->name);
 
-	char label[25 + strlen(mesh->self->name) + strlen(to->name)];
-	snprintf(label, sizeof label, "MeshLink UDP key expansion %s %s", mesh->self->name, to->name);
+	char label[14 + strlen(mesh->self->name) + strlen(to->name) + 1];
+	snprintf(label, sizeof label, "MeshLink UDP %s %s", mesh->self->name, to->name);
 	sptps_stop(&to->sptps);
 	to->status.validkey = false;
 	to->status.waitingforkey = true;
 	to->last_req_key = mesh->loop.now.tv_sec;
 	to->incompression = mesh->self->incompression;
-	return sptps_start(&to->sptps, to, true, true, mesh->self->connection->ecdsa, to->ecdsa, label, sizeof label, send_initial_sptps_data, receive_sptps_record);
+	return sptps_start(&to->sptps, to, true, true, mesh->self->connection->ecdsa, to->ecdsa, label, sizeof label - 1, send_initial_sptps_data, receive_sptps_record);
 }
 
 /* REQ_KEY is overloaded to allow arbitrary requests to be routed between two nodes. */
@@ -149,13 +149,13 @@ static bool req_key_ext_h(meshlink_handle_t *mesh, connection_t *c, const char *
 				return true;
 			}
 
-			char label[25 + strlen(from->name) + strlen(mesh->self->name)];
-			snprintf(label, sizeof label, "MeshLink UDP key expansion %s %s", from->name, mesh->self->name);
+			char label[14 + strlen(from->name) + strlen(mesh->self->name) + 1];
+			snprintf(label, sizeof label, "MeshLink UDP %s %s", from->name, mesh->self->name);
 			sptps_stop(&from->sptps);
 			from->status.validkey = false;
 			from->status.waitingforkey = true;
 			from->last_req_key = mesh->loop.now.tv_sec;
-			sptps_start(&from->sptps, from, false, true, mesh->self->connection->ecdsa, from->ecdsa, label, sizeof label, send_sptps_data, receive_sptps_record);
+			sptps_start(&from->sptps, from, false, true, mesh->self->connection->ecdsa, from->ecdsa, label, sizeof label - 1, send_sptps_data, receive_sptps_record);
 			sptps_receive_data(&from->sptps, buf, len);
 			return true;
 		}
-- 
2.39.2