@@ -948,17 +948,21 @@
}
/* send digest response */
- openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s",
- username,
- realm,
- nonce,
- uri,
- qop,
- nonce_count,
- cnonce,
- response,
- opaque_kv
- );
+ int sret = openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s",
+ username,
+ realm,
+ nonce,
+ uri,
+ qop,
+ nonce_count,
+ cnonce,
+ response,
+ opaque_kv
+ );
+ if (sret >= sizeof(buf))
+ {
+ goto error;
+ }
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf))
{
@@ -109,8 +109,11 @@
"Authentication not possible.");
goto cleanup;
}
- openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", (int) strlen(creds.username),
- creds.username, (int) strlen(creds.password), creds.password);
+ int sret = openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s",
+ (int) strlen(creds.username), creds.username,
+ (int) strlen(creds.password), creds.password);
+ ASSERT(sret <= sizeof(to_send));
+
size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL);
if (size != strlen(to_send))
@@ -2069,7 +2069,7 @@
#endif
#ifndef OPENSSL_NO_EC
- char groupname[256];
+ char groupname[64];
if (is_ec)
{
size_t len;
@@ -2130,7 +2130,7 @@
print_cert_details(X509 *cert, char *buf, size_t buflen)
{
EVP_PKEY *pkey = X509_get_pubkey(cert);
- char pkeybuf[128] = { 0 };
+ char pkeybuf[64] = { 0 };
print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
char sig[128] = { 0 };
@@ -575,7 +575,7 @@
char metadata_type_str[4] = { 0 }; /* Max value: 255 */
openvpn_snprintf(metadata_type_str, sizeof(metadata_type_str),
- "%i", metadata_type);
+ "%i", (uint8_t) metadata_type);
struct env_set *es = env_set_create(NULL);
setenv_str(es, "script_type", "tls-crypt-v2-verify");
setenv_str(es, "metadata_type", metadata_type_str);
@@ -33,6 +33,7 @@
#include <sddl.h>
#include <shellapi.h>
#include <mstcpip.h>
+#include <inttypes.h>
#include <versionhelpers.h>
@@ -2002,7 +2003,7 @@
ReturnLastError(pipe, L"malloc");
goto out;
}
- openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %lu",
+ openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR,
sud.options, svc_pipe);
if (!CreateEnvironmentBlock(&user_env, imp_token, FALSE))