[Openvpn-devel] [S] Change in openvpn[master]: Do not check key_state buffers that are in S_UNDEF state

Wed, 15 Nov 2023 02:24:32 -0800 

Attention is currently required from: flichtenheld, plaisthos.

ordex has uploaded a new patch set (#2) to the change originally created by 
plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/426?usp=email )


Change subject: Do not check key_state buffers that are in S_UNDEF state
......................................................................

Do not check key_state buffers that are in S_UNDEF state

When a key_state is in S_UNDEF the send_reliable is not initialised. So
checking it might access invalid memory or null pointers.

Change-Id: I226a73d47a2b1b29f7ec175ce23a806593abc2ac
[a...@unstable.cc: add check for !send_reliable and message]
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
M src/openvpn/ssl.c
1 file changed, 16 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/26/426/2

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index cee4afe..b4cd8f5 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -3189,6 +3189,22 @@
     for (int i = 0; i < KS_SIZE; i++)
     {
         struct key_state *ks = &session->key[i];
+        if (ks->state == S_UNDEF)
+        {
+            continue;
+        }
+
+        /* we don't expect send_reliable to be NULL when state is
+         * not S_UNDEF, but people have reported crashes nonetheless,
+         * therefore we better catch this event, report and exit.
+         */
+        if (!ks->send_reliable)
+        {
+            msg(M_FATAL, "ERROR: session->key[%d]->send_reliable is NULL "
+                "while key state is %s. Exiting.",
+                i, state_name(ks->state));
+        }
+
         for (int j = 0; j < ks->send_reliable->size; j++)
         {
             if (ks->send_reliable->array[i].buf.data == dataptr)

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/426?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I226a73d47a2b1b29f7ec175ce23a806593abc2ac
Gerrit-Change-Number: 426
Gerrit-PatchSet: 2
Gerrit-Owner: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: ordex <a...@unstable.cc>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-MessageType: newpatchset

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to