Message ID | 1548164060-13144-1-git-send-email-lstipakov@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel,v2] test_tls_crypt.c: fix global-buffer-overflow found by AddressSanitizer | expand |
Am 22.01.19 um 14:34 schrieb Lev Stipakov: > From: Lev Stipakov <lev@openvpn.net> > > When writing data to buffer we incorrectly specify source length > - sizeof for pointer returns 8, but actual buffer length is 1. > > Fix by replacing empty global string to local string literal and > specifying the correct length. Acked-By: Arne Schwabe Arne
Your patch has been applied to the master branch. commit a3fd78d48616ab21908b116d5ce785986893e02d Author: Lev Stipakov Date: Tue Jan 22 15:34:20 2019 +0200 test_tls_crypt.c: fix global-buffer-overflow found by AddressSanitizer Signed-off-by: Lev Stipakov <lev@openvpn.net> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1548164060-13144-1-git-send-email-lstipakov@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18140.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c index b793a7a..17f7d89 100644 --- a/tests/unit_tests/openvpn/test_tls_crypt.c +++ b/tests/unit_tests/openvpn/test_tls_crypt.c @@ -49,8 +49,6 @@ #define PARAM1 "param1" #define PARAM2 "param two" -static const char *plaintext_short = ""; - static const char *test_server_key = \ "-----BEGIN OpenVPN tls-crypt-v2 server key-----\n" "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n" @@ -148,10 +146,12 @@ test_tls_crypt_setup(void **state) { ctx->unwrapped = alloc_buf(TESTBUF_SIZE); /* Write test plaintext */ - buf_write(&ctx->source, plaintext_short, sizeof(plaintext_short)); + const char *plaintext = "1234567890"; + buf_write(&ctx->source, plaintext, strlen(plaintext)); - /* Write dummy opcode and session id */ - buf_write(&ctx->ciphertext, "012345678", 1 + 8); + /* Write test ciphertext */ + const char *ciphertext = "012345678"; + buf_write(&ctx->ciphertext, ciphertext, strlen(ciphertext)); return 0; }