Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
openvpn.4990
openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch of Package openvpn.4990
Author: Gert Doering <gert@greenie.muc.de> Date: Tue Nov 10 22:58:39 2015 +0100 Fix possible heap overflow on read accessing getaddrinfo() result. The code always tried to copy-out a "struct sockaddr_in6" even for IPv4 results, which reads more bytes than getaddrinfo() is guaranteed to allocate. Now, look at ai->ai_family and only copy "struct sockaddr" for IPv4. Also, reformat this block of code to comply to coding style. This is a specific 2.3 bug as the code in master (to be 2.4) has been completely rewritten to properly handle dual-stack and multiple responses from getaddrinfo() proper. Bug found by Daniel Hirche using "gcc -fsanitize=address". No possible exploits are known. Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1447192719-31381-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/10479 References: bsc#959714 diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index a143853..0f46bad 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c <at> <at> -1259,20 +1259,24 <at> <at> resolve_remote (struct link_socket *sock, ASSERT (0); } - /* Temporary fix, this need to be changed for dual stack */ - status = openvpn_getaddrinfo(flags, sock->remote_host, retry, - signal_received, af, &ai); - if(status == 0) { - sock->info.lsa->remote.addr.in6 = *((struct sockaddr_in6*)(ai->ai_addr)); - freeaddrinfo(ai); + /* Temporary fix, this need to be changed for dual stack */ + status = openvpn_getaddrinfo(flags, sock->remote_host, retry, + signal_received, af, &ai); + if(status == 0) + { + if ( ai->ai_family == AF_INET6 ) + sock->info.lsa->remote.addr.in6 = *((struct sockaddr_in6*)(ai->ai_addr)); + else + sock->info.lsa->remote.addr.in4 = *((struct sockaddr_in*)(ai->ai_addr)); + freeaddrinfo(ai); - dmsg (D_SOCKET_DEBUG, "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d", + dmsg (D_SOCKET_DEBUG, "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d", flags, phase, retry, signal_received ? *signal_received : -1, status); - } + } if (signal_received) { if (*signal_received) -- 2.4.9
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor