Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
openvpn.4990
openvpn-2.3.x-fixed-multiple-low-severity-issue...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openvpn-2.3.x-fixed-multiple-low-severity-issues.patch of Package openvpn.4990
From:Sebastian Krahmer <krahmer@suse.com> References: bsc#934237 diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index c2d5c27..d4897b0 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -151,7 +151,7 @@ openvpn_encrypt (struct buffer *buf, struct buffer work, ASSERT (cipher_ctx_reset(ctx->cipher, iv_buf)); /* Buffer overflow check */ - if (!buf_safe (&work, buf->len + cipher_ctx_block_size(ctx->cipher))) + if (!buf_safe (&work, buf->len + OPENVPN_MAX_BLOCK_LENGTH)) { msg (D_CRYPT_ERRORS, "ENCRYPT: buffer size error, bc=%d bo=%d bl=%d wc=%d wo=%d wl=%d cbs=%d", buf->capacity, @@ -278,7 +278,7 @@ openvpn_decrypt (struct buffer *buf, struct buffer work, const int iv_size = cipher_ctx_iv_length (ctx->cipher); const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt (ctx->cipher); uint8_t iv_buf[OPENVPN_MAX_IV_LENGTH]; - int outlen; + int outlen = 0; /* initialize work buffer with FRAME_HEADROOM bytes of prepend capacity */ ASSERT (buf_init (&work, FRAME_HEADROOM_ADJ (frame, FRAME_HEADROOM_MARKER_DECRYPT))); @@ -305,7 +305,7 @@ openvpn_decrypt (struct buffer *buf, struct buffer work, CRYPT_ERROR ("cipher init failed"); /* Buffer overflow check (should never happen) */ - if (!buf_safe (&work, buf->len + cipher_ctx_block_size(ctx->cipher))) + if (!buf_safe (&work, buf->len + OPENVPN_MAX_BLOCK_LENGTH)) CRYPT_ERROR ("potential buffer overflow"); /* Decrypt packet ID, payload */ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 348bdee..2594c96 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -617,7 +617,11 @@ int cipher_ctx_update (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len) { - return EVP_CipherUpdate (ctx, dst, dst_len, src, src_len); + if (EVP_CipherUpdate (ctx, dst, dst_len, src, src_len) != 1) { + msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__); + return 0; + } + return 1; } int diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h index f883c2a..f12abf1 100644 --- a/src/openvpn/crypto_openssl.h +++ b/src/openvpn/crypto_openssl.h @@ -52,6 +52,9 @@ typedef HMAC_CTX hmac_ctx_t; /** Maximum length of an IV */ #define OPENVPN_MAX_IV_LENGTH EVP_MAX_IV_LENGTH +/** Maximum length of a cipher block */ +#define OPENVPN_MAX_BLOCK_LENGTH EVP_MAX_BLOCK_LENGTH + /** Cipher is in CBC mode */ #define OPENVPN_MODE_CBC EVP_CIPH_CBC_MODE diff --git a/src/openvpn/error.c b/src/openvpn/error.c index 6848425..de2fc49 100644 --- a/src/openvpn/error.c +++ b/src/openvpn/error.c @@ -400,6 +400,7 @@ void assert_failed (const char *filename, int line) { msg (M_FATAL, "Assertion failed at %s:%d", filename, line); + _exit(1); } /* diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 71c91a2..97ce6c0 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2556,8 +2556,9 @@ init_context_buffers (const struct frame *frame) b->aux_buf = alloc_buf (BUF_SIZE (frame)); #ifdef ENABLE_CRYPTO - b->encrypt_buf = alloc_buf (BUF_SIZE (frame)); - b->decrypt_buf = alloc_buf (BUF_SIZE (frame)); + b->encrypt_buf = alloc_buf (BUF_SIZE (frame) + OPENVPN_MAX_BLOCK_LENGTH); + b->decrypt_buf = alloc_buf (BUF_SIZE (frame) + OPENVPN_MAX_BLOCK_LENGTH); + #endif #ifdef ENABLE_LZO diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 95d7153..8555789 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -76,6 +76,9 @@ recv_line (socket_descriptor_t sd, struct buffer la; int lastc = 0; + if (sd >= FD_SETSIZE) + return false; + CLEAR (la); if (lookahead) la = *lookahead; @@ -283,11 +286,11 @@ get_proxy_authenticate (socket_descriptor_t sd, struct gc_arena *gc, volatile int *signal_received) { - char buf[256]; + char buf[256] = {0}; int ret = HTTP_AUTH_NONE; while (true) { - if (!recv_line (sd, buf, sizeof (buf), timeout, true, NULL, signal_received)) + if (!recv_line (sd, buf, sizeof (buf) - 1, timeout, true, NULL, signal_received)) { *data = NULL; return HTTP_AUTH_NONE; @@ -498,9 +501,9 @@ establish_http_proxy_passthru (struct http_proxy_info *p, volatile int *signal_received) { struct gc_arena gc = gc_new (); - char buf[512]; - char buf2[129]; - char get[80]; + char buf[512] = {0}; + char buf2[129] = {0}; + char get[80] = {0}; int status; int nparms; bool ret = false; @@ -586,7 +589,8 @@ establish_http_proxy_passthru (struct http_proxy_info *p, goto error; /* receive reply from proxy */ - if (!recv_line (sd, buf, sizeof(buf), p->options.timeout, true, NULL, signal_received)) + memset(buf, 0, sizeof(buf)); + if (!recv_line (sd, buf, sizeof(buf) - 1, p->options.timeout, true, NULL, signal_received)) goto error; /* remove trailing CR, LF */ @@ -615,7 +619,8 @@ establish_http_proxy_passthru (struct http_proxy_info *p, while (true) { - if (!recv_line (sd, buf, sizeof(buf), p->options.timeout, true, NULL, signal_received)) + memset(buf, 0, sizeof(buf)); + if (!recv_line (sd, buf, sizeof(buf) - 1, p->options.timeout, true, NULL, signal_received)) goto error; chomp (buf); msg (D_PROXY, "HTTP proxy returned: '%s'", buf); @@ -685,7 +690,8 @@ establish_http_proxy_passthru (struct http_proxy_info *p, goto error; /* receive reply from proxy */ - if (!recv_line (sd, buf, sizeof(buf), p->options.timeout, true, NULL, signal_received)) + memset(buf, 0, sizeof(buf)); + if (!recv_line (sd, buf, sizeof(buf) - 1, p->options.timeout, true, NULL, signal_received)) goto error; /* remove trailing CR, LF */ @@ -795,7 +801,8 @@ establish_http_proxy_passthru (struct http_proxy_info *p, goto error; /* receive reply from proxy */ - if (!recv_line (sd, buf, sizeof(buf), p->options.timeout, true, NULL, signal_received)) + memset(buf, 0, sizeof(buf)); + if (!recv_line (sd, buf, sizeof(buf) - 1, p->options.timeout, true, NULL, signal_received)) goto error; /* remove trailing CR, LF */ diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 0424c0b..39bbdc8 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -837,6 +837,9 @@ socket_listen_accept (socket_descriptor_t sd, /* struct openvpn_sockaddr *remote = &act->dest; */ struct openvpn_sockaddr remote_verify = act->dest; int new_sd = SOCKET_UNDEFINED; + + if (sd >= FD_SETSIZE) + return -1; CLEAR (*act); socket_do_listen (sd, local, do_listen, true); @@ -924,6 +927,9 @@ openvpn_connect (socket_descriptor_t sd, volatile int *signal_received) { int status = 0; + + if (sd >= FD_SETSIZE) + return -1; #ifdef CONNECT_NONBLOCK set_nonblock (sd); diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index 2f051ec..b11cea0 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -97,13 +97,16 @@ socks_username_password_auth (struct socks_proxy_info *p, socket_descriptor_t sd, volatile int *signal_received) { - char to_send[516]; - char buf[2]; + char to_send[516] = {0}; + char buf[2] = {0}; int len = 0; const int timeout_sec = 5; struct user_pass creds; ssize_t size; + if (sd >= FD_SETSIZE) + return false; + creds.defined = 0; get_user_pass (&creds, p->authfile, UP_TYPE_SOCKS, GET_USER_PASS_MANAGEMENT); @@ -186,7 +189,7 @@ socks_handshake (struct socks_proxy_info *p, socket_descriptor_t sd, volatile int *signal_received) { - char buf[2]; + char buf[2] = {0}; int len = 0; const int timeout_sec = 5; ssize_t size; @@ -195,6 +198,8 @@ socks_handshake (struct socks_proxy_info *p, char method_sel[3] = { 0x05, 0x01, 0x00 }; if (p->authfile[0]) method_sel[2] = 0x02; /* METHODS = [2 (plain login)] */ + if (sd >= FD_SETSIZE) + return false; size = send (sd, method_sel, sizeof (method_sel), MSG_NOSIGNAL); if (size != sizeof (method_sel)) @@ -299,9 +304,12 @@ recv_socks_reply (socket_descriptor_t sd, char atyp = '\0'; int alen = 0; int len = 0; - char buf[22]; + char buf[22] = {0}; const int timeout_sec = 5; + if (sd >= FD_SETSIZE) + return false; + if (addr != NULL) { addr->addr.in4.sin_family = AF_INET; @@ -378,7 +386,7 @@ recv_socks_reply (socket_descriptor_t sd, } /* store char in buffer */ - if (len < (int)sizeof(buf)) + if (len < (int)sizeof(buf) && len >= 0) buf[len] = c; ++len; } @@ -408,7 +416,7 @@ establish_socks_proxy_passthru (struct socks_proxy_info *p, const int port, /* openvpn server port */ volatile int *signal_received) { - char buf[128]; + char buf[128] = {0}; size_t len; if (!socks_handshake (p, sd, signal_received))
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor