Hello,
this concerns key_method 1. I know it's deprecated, but reporting it
just in case people still use it.
So key_method_1_read() calls read_key() which doesn't perform adequate
bounds checks. cipher_length and hmac_length are specified by the
peer:
1643 uint8_t cipher_length;
1644 u
Here is the set of fuzzers used to find the recent vulnerabilities in OpenVPN:
https://github.com/guidovranken/openvpn/tree/fuzzing
Not all code is covered by this set; more fuzzers need to be written
in order to verify the overall security of OpenVPN. Hence, it is
conceivable that more vulnerabi
This patch ensures that if an error occurs while processing
the 'connection' directive of an options specification,
the variable 'struct options sub', which is initialized
with init_options(), is properly freed with uninit_options().
Signed-off-by: Guido Vranken
---
src/o
Prevents the client from crashing if the peer does not specify
the 'realm' and/or 'nonce' values. These pointers are
dereferenced in DigestCalcHA1() and DigestCalcResponse();
hence, if not set, a null-pointer dereference would occur.
Signed-off-by: Guido Vranken
---
src
ll as you put it, I just moved
> it into the "not first line" block, and wrapped the lines to ~70 chars)
>
> commit 69162924de3600bfe8ae9708a1d6e3f4515ef995 (master)
> commit 69f00d8ce6862772919e2714adb72f13f3e92ca7 (release/2.4)
> commit 8dd598e89f25074f2d4d23f77cb601cf48a
Signed-off-by: Guido Vranken
---
src/openvpn/proxy.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index b0ed327..8ff09ba 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -318,6 +318,7 @@ get_proxy_authenticate(socket_descriptor_t sd
Signed-off-by: Guido Vranken
---
src/openvpn/options.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 452087a..91d8280 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -4531,7 +4531,7
Signed-off-by: Guido Vranken
---
src/openvpn/ntlm.c | 9 -
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index 0c43681..9348337 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -130,17 +130,16 @@ gen_nonce(unsigned char
Signed-off-by: Guido Vranken
---
src/openvpn/ssl_verify_openssl.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 8374783..d64f83c 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn