cron2 has uploaded a new patch set (#6) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1503?usp=email )
The following approvals got outdated and were removed: Code-Review+2 by plaisthos Change subject: ssl_ncp: Fix length check in mutate_ncp_cipher_list ...................................................................... ssl_ncp: Fix length check in mutate_ncp_cipher_list * Make it more readable by removing a level of negation * Fix an off-by-one error. It accepted one char fewer than allowed. * Slightly improve the UT. Change-Id: Ib0d2b9520e4a77a9f4bf70ce092f76ca73608537 Signed-off-by: Frank Lichtenheld <[email protected]> Acked-by: Arne Schwabe <[email protected]> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1503 Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg35828.html Signed-off-by: Gert Doering <[email protected]> --- M src/openvpn/ssl_ncp.c M tests/unit_tests/openvpn/test_ncp.c 2 files changed, 18 insertions(+), 14 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/03/1503/6 diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c index 500e09d..fdac6925 100644 --- a/src/openvpn/ssl_ncp.c +++ b/src/openvpn/ssl_ncp.c @@ -92,11 +92,6 @@ } } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wsign-compare" -#endif - char * mutate_ncp_cipher_list(const char *list, struct gc_arena *gc) { @@ -168,7 +163,7 @@ } /* Ensure buffer has capacity for cipher name + : + \0 */ - if (!(buf_forward_capacity(&new_list) > strlen(ovpn_cipher_name) + 2)) + if (buf_forward_capacity(&new_list) < (int)strlen(ovpn_cipher_name) + 2) { msg(M_WARN, "Length of --data-ciphers is over the " "limit of 127 chars"); @@ -207,10 +202,6 @@ o->ncp_ciphers = ncp_ciphers; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic pop -#endif - bool tls_item_in_cipher_list(const char *item, const char *list) { diff --git a/tests/unit_tests/openvpn/test_ncp.c b/tests/unit_tests/openvpn/test_ncp.c index 9f569a7..52a41ee 100644 --- a/tests/unit_tests/openvpn/test_ncp.c +++ b/tests/unit_tests/openvpn/test_ncp.c @@ -123,10 +123,23 @@ assert_ptr_equal(mutate_ncp_cipher_list("AES-256-GCM:vollbit", &gc), NULL); assert_ptr_equal(mutate_ncp_cipher_list("", &gc), NULL); - assert_ptr_equal(mutate_ncp_cipher_list("ChaCha20-Poly1305:ChaCha20-Poly1305:ChaCha20-Poly1305:" - "ChaCha20-Poly1305:ChaCha20-Poly1305:ChaCha20-Poly1305:" - "ChaCha20-Poly1305", - &gc), + const char long_string[MAX_NCP_CIPHERS_LENGTH] = + "CHACHA20-POLY1305:CHACHA20-POLY1305:CHACHA20-POLY1305:" + "CHACHA20-POLY1305:CHACHA20-POLY1305:CHACHA20-POLY1305:" + "CHACHA20-POLY1305"; + const char longer_string[MAX_NCP_CIPHERS_LENGTH + 1] = + "CHACHA20-POLY1305:CHACHA20-POLY1305:CHACHA20-POLY1305:" + "CHACHA20-POLY1305:CHACHA20-POLY1305:CHACHA20-POLY1305:" + "CHACHA20-POLY1305:"; + const char longest_string[] = + "CHACHA20-POLY1305:CHACHA20-POLY1305:CHACHA20-POLY1305:" + "CHACHA20-POLY1305:CHACHA20-POLY1305:CHACHA20-POLY1305:" + "CHACHA20-POLY1305:CHACHA20-POLY1305"; + assert_string_equal(mutate_ncp_cipher_list(long_string, &gc), + long_string); + assert_string_equal(mutate_ncp_cipher_list(longer_string, &gc), + long_string); + assert_ptr_equal(mutate_ncp_cipher_list(longest_string, &gc), NULL); #ifdef ENABLE_CRYPTO_OPENSSL -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1503?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ib0d2b9520e4a77a9f4bf70ce092f76ca73608537 Gerrit-Change-Number: 1503 Gerrit-PatchSet: 6 Gerrit-Owner: flichtenheld <[email protected]> Gerrit-Reviewer: plaisthos <[email protected]> Gerrit-CC: openvpn-devel <[email protected]>
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
