Hi, On Mon, Mar 13, 2023 at 02:42:33PM +0100, Arne Schwabe wrote: > The open_tun_dco_generic already allocates the actual_name string, this > shadows the allocation in the FreeBSD/Linux specific methods. > > The HMAC leaks are just forgotten frees/deinitialisations. > > Found-By: clang with asan > > Patch v2: rebase. Include linux bits accidentially forgotten. > > Change-Id: I3c344af047abe94c0178bde1781eb450f10d157d > Signed-off-by: Arne Schwabe <[email protected]>
NAK, though I'm not sure I really understand why.
The free_buf() call fails on a server instance with --tls-crypt +
--tls-crypt-v2, because "buf" is modified by tls_wrap_control() in
this case.
Sprinkled-in msg() calls show that "buf.data" points elsewhere
after the call, and then free_buf() fails
2023-03-13 19:13:18 us=537725 Initialization Sequence Completed
2023-03-13 19:13:20 us=782049 GERT: in tls_reset_standalone,
&buf=0x7ffca7010ef0, buf.data=0x562bd5669370
2023-03-13 19:13:20 us=782103 GERT: tls_reset_standalone before
tls_wrap_control(), &buf=0x7ffca7010ef0, buf.data=0x562bd5669370
2023-03-13 19:13:20 us=782123 GERT: at end of tls_reset_standalone,
&buf=0x7ffca7010ef0, buf.data=0x562bd565dcc8
2023-03-13 19:13:20 us=782140 GERT: in send_hmac_reset_packet,
&buf=0x7ffca7010f60, buf.data=0x562bd565dcc8
free(): invalid pointer
Aborted
The tt->actual changes are fine, and the tls_auth_standalone change
also looks good (if complicated to grok).
This code here is fine for "naked" and "tls-auth".
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
