[Openvpn-devel,v2] test_tls_crypt.c: fix global-buffer-overflow found by AddressSanitizer
Commit Message
From: Lev Stipakov <lev@openvpn.net>
When writing data to buffer we incorrectly specify source length
- sizeof for pointer returns 8, but actual buffer length is 1.
Fix by replacing empty global string to local string literal and
specifying the correct length.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
---
v2: use strlen(), fix misleading comments
tests/unit_tests/openvpn/test_tls_crypt.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
Comments
Am 22.01.19 um 14:34 schrieb Lev Stipakov:
> From: Lev Stipakov <lev@openvpn.net>
>
> When writing data to buffer we incorrectly specify source length
> - sizeof for pointer returns 8, but actual buffer length is 1.
>
> Fix by replacing empty global string to local string literal and
> specifying the correct length.
Acked-By: Arne Schwabe
Arne
Your patch has been applied to the master branch.
commit a3fd78d48616ab21908b116d5ce785986893e02d
Author: Lev Stipakov
Date: Tue Jan 22 15:34:20 2019 +0200
test_tls_crypt.c: fix global-buffer-overflow found by AddressSanitizer
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1548164060-13144-1-git-send-email-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18140.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
--
kind regards,
Gert Doering
@@ -49,8 +49,6 @@
#define PARAM1 "param1"
#define PARAM2 "param two"
-static const char *plaintext_short = "";
-
static const char *test_server_key = \
"-----BEGIN OpenVPN tls-crypt-v2 server key-----\n"
"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
@@ -148,10 +146,12 @@ test_tls_crypt_setup(void **state) {
ctx->unwrapped = alloc_buf(TESTBUF_SIZE);
/* Write test plaintext */
- buf_write(&ctx->source, plaintext_short, sizeof(plaintext_short));
+ const char *plaintext = "1234567890";
+ buf_write(&ctx->source, plaintext, strlen(plaintext));
- /* Write dummy opcode and session id */
- buf_write(&ctx->ciphertext, "012345678", 1 + 8);
+ /* Write test ciphertext */
+ const char *ciphertext = "012345678";
+ buf_write(&ctx->ciphertext, ciphertext, strlen(ciphertext));
return 0;
}