diff options
| author | Matthias Andree <mandree@FreeBSD.org> | 2023-11-15 20:40:37 +0000 |
|---|---|---|
| committer | Matthias Andree <mandree@FreeBSD.org> | 2023-11-15 21:50:34 +0000 |
| commit | e1e9a05be79d47884cdfd6f831b4f591a1bf7ea7 (patch) | |
| tree | 73533b57484353f8dcf81f4c537520964f6f8f16 /security/openvpn/files/patch-git-a903ebe9361d451daee71c225e141f4e1b67107d | |
| parent | b2cf35ae6ce09ac732349a61e3b0328162c8a747 (diff) | |
| download | ports-e1e9a05be79d47884cdfd6f831b4f591a1bf7ea7.tar.gz ports-e1e9a05be79d47884cdfd6f831b4f591a1bf7ea7.zip | |
security/openvpn: fix regressions and some documentation bits
Add two patches cherry-picked from upstream Git repository:
OpenVPN 2.6.7 regressed and experienced crashes in some situations,
https://github.com/OpenVPN/openvpn/issues/449
Reported by: Vladimir Druzenko (vvd@)
Reported by: Patrick Cable (upstream)
Obtained from: https://github.com/openvpn/openvpn/commit/b90ec6dabfb151dd93ef00081bbc3f55e7d3450f
Also, some typos in the documentation are fixed,
Obtained from: https://github.com/OpenVPN/openvpn/commit/457f468a76f324a14b1236988cc5f5a95f14abf5
Bump PORTREVISION.
PR: 275055
MFH: 2023Q4
(cherry picked from commit 8d2e9d99db3d6c0d1f988feaca0cdb7c0e7dca89)
Diffstat (limited to 'security/openvpn/files/patch-git-a903ebe9361d451daee71c225e141f4e1b67107d')
| -rw-r--r-- | security/openvpn/files/patch-git-a903ebe9361d451daee71c225e141f4e1b67107d | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/security/openvpn/files/patch-git-a903ebe9361d451daee71c225e141f4e1b67107d b/security/openvpn/files/patch-git-a903ebe9361d451daee71c225e141f4e1b67107d new file mode 100644 index 000000000000..4c347593ac7a --- /dev/null +++ b/security/openvpn/files/patch-git-a903ebe9361d451daee71c225e141f4e1b67107d @@ -0,0 +1,48 @@ +From a903ebe9361d451daee71c225e141f4e1b67107d Mon Sep 17 00:00:00 2001 +From: Arne Schwabe <arne@rfc2549.org> +Date: Wed, 15 Nov 2023 11:33:31 +0100 +Subject: [PATCH] Do not check key_state buffers that are in S_UNDEF state + +When a key_state is in S_UNDEF the send_reliable is not initialised. So +checking it might access invalid memory or null pointers. + +Github: fixes OpenVPN/openvpn#449 + +Change-Id: I226a73d47a2b1b29f7ec175ce23a806593abc2ac +[a@unstable.cc: add check for !send_reliable and message] +Signed-off-by: Arne Schwabe <arne@rfc2549.org> +Acked-by: Gert Doering <gert@greenie.muc.de> +Message-Id: <20231115103331.18050-1-gert@greenie.muc.de> +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27401.html +Signed-off-by: Gert Doering <gert@greenie.muc.de> +--- + src/openvpn/ssl.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c +index cee4afe19f3..b4cd8f5a567 100644 +--- ./src/openvpn/ssl.c ++++ b/src/openvpn/ssl.c +@@ -3189,6 +3189,22 @@ check_session_buf_not_used(struct buffer *to_link, struct tls_session *session) + for (int i = 0; i < KS_SIZE; i++) + { + struct key_state *ks = &session->key[i]; ++ if (ks->state == S_UNDEF) ++ { ++ continue; ++ } ++ ++ /* we don't expect send_reliable to be NULL when state is ++ * not S_UNDEF, but people have reported crashes nonetheless, ++ * therefore we better catch this event, report and exit. ++ */ ++ if (!ks->send_reliable) ++ { ++ msg(M_FATAL, "ERROR: session->key[%d]->send_reliable is NULL " ++ "while key state is %s. Exiting.", ++ i, state_name(ks->state)); ++ } ++ + for (int j = 0; j < ks->send_reliable->size; j++) + { + if (ks->send_reliable->array[i].buf.data == dataptr) |