diff mbox series

[Openvpn-devel,v3,12/18] Increase ERR_BUF_SIZE when management interface support is enabled

Message ID 20211214165928.30676-13-selva.nair@gmail.com
State Accepted
Headers show
Series External key provider for use with OpenSSL 3 | expand

Commit Message

Selva Nair Dec. 14, 2021, 5:59 a.m. UTC 
From: Selva Nair <selva.nair@gmail.com>

Sending largish messages to the management interface errors due to
the limited size used for the "error" buffer in x_msg_va(). Although
all intermediate steps allocate required space for the data to
send, it gets truncated at the last step.

This really requires a smarter fix. As a quick relief, we just increase
the buffer size to 10240 when management support is compiled in. Should
be enough for PK_SIGN with undigested message.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
---
 src/openvpn/error.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Arne Schwabe Jan. 20, 2022, 12:11 a.m. UTC | #1 
Am 14.12.21 um 17:59 schrieb selva.nair@gmail.com:
> From: Selva Nair <selva.nair@gmail.com>
> 
> Sending largish messages to the management interface errors due to
> the limited size used for the "error" buffer in x_msg_va(). Although
> all intermediate steps allocate required space for the data to
> send, it gets truncated at the last step.
> 
> This really requires a smarter fix. As a quick relief, we just increase
> the buffer size to 10240 when management support is compiled in. Should
> be enough for PK_SIGN with undigested message.
> 
> Signed-off-by: Selva Nair <selva.nair@gmail.com>



Acked-By: Arne Schwabe <arne@rfc2549.org>
Gert Doering Jan. 20, 2022, 5:33 a.m. UTC | #2 
I seem to have seen a similar patch in Arne's series, and we didn't
like it there much either :-) - so yeah, smarter fix, eventually.

That said, this is "only" wasting another 2048 byte as the buffer is
already at 8k if PKCS11 is enabled, and it's not static but gc_malloc().

Pretty weird to use *ERR*_BUF_SIZE in manage.c and plugin.c, though :-)
(and maybe the plugin_vlog() code could be changed to be smarter about
the way it builds the msg_fmt string based on plugin name + format string)

Anyway, client tested with 1.1.1, just for good measure.

Your patch has been applied to the master branch.

commit eeb019acee57ef5b9485569ec4d3279a822c4eb0
Author: Selva Nair
Date:   Tue Dec 14 11:59:22 2021 -0500

     Increase ERR_BUF_SIZE when management interface support is enabled

     Signed-off-by: Selva Nair <selva.nair@gmail.com>
     Acked-by: Arne Schwabe <arne@rfc2549.org>
     Message-Id: <20211214165928.30676-13-selva.nair@gmail.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23440.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
diff mbox series

Patch

diff --git a/src/openvpn/error.h b/src/openvpn/error.h
index 533354b3..66c1722e 100644
--- a/src/openvpn/error.h
+++ b/src/openvpn/error.h
@@ -37,8 +37,8 @@ 
 
 /* #define ABORT_ON_ERROR */
 
-#ifdef ENABLE_PKCS11
-#define ERR_BUF_SIZE 8192
+#if defined(ENABLE_PKCS11) || defined(ENABLE_MANAGEMENT)
+#define ERR_BUF_SIZE 10240
 #else
 #define ERR_BUF_SIZE 1280
 #endif