[Openvpn-devel,1/2] Fix IPv6 in port-share journal

Message ID	8de5660b-d917-4092-8871-250495d8c7a4@gmx.de
State	Accepted
Headers	show Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Message-ID: <8de5660b-d917-4092-8871-250495d8c7a4@gmx.de> Date: Sun, 8 Dec 2024 00:17:05 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: de-CH To: openvpn-devel@lists.sourceforge.net UI-OutboundReport: notjunk:1;M01:P0:cSR0K4XunOs=;aJnSjqzETZOjxW6qGhMeBn4ND+5 xLkVOfAWKU4QkEaXOFw/zLZOStP6e4gITlMxEyjoZ8S/4JHCBcjip+hRhybvdUvx2elWKksKS SzeL3KlVouVW71kw6q9NF8koV09H1BpcFpGvYIZN7j89n0T+mpILNufWWyJk2ZjvgNKv14nWf RQ5DSAaMcJ0DBu5MeuN18mnvIv8iau90l60Pftjey/2d8l5Hhv0q/gq5NwpcVM5fNZ246A7aQ vJVzf6ZC02n7ItBj0v0ZW32k+8ootsM4NBl90TjoKJXYgNbrd+Jnw2B6RQ0tkqBFLUEJf/YtP Tw9fE15A+BDr31HcJnDZC3u+dR+V7Zv8034AlS4FB4Scvt+wccxVOYgCNjYqnWMN8dRQBbtcY C27iSn0p/SvPiwKCMf762oca5Vsb40q7+/zqsMYY+t9y2XZo6qxDSma2iTXsvzkXeaZzRnHCS UzeZJ/pFMo9IeoL4v17wA0Q3gs4GlTWa0/lYuNPcRXeojFdcwEyYLWS/nXEDvD0RGnBSwbmua RZRttwN8lXAfZWMozgfeF2gYLj4UTGy2sQcZThexE5+AvfYUiTeEWBiSDqYZKG3iP6kU1OY1J CRejZJW65BuP7cktfCBNS0a8mkBgoWBdEv6DpaXcIn3ieXd8gN+/Yf7dzCbv1LST52kDZnlFN 7I0cS1XDJjT15N9nrBxrfK8h5XmAUtNGmxFWE+/QaH2x4I6Uot+hFkd1w51oWQS/6eJ02+9jY 3Xo4WaskjPCoCupnjcLiCSXrHtOOXgws2t+W/klqz0Ga/9sJDgnkbJ48fHjC+ZRw/xlgE5Qh4 PlZRKf4yqTm6BodA81yIJINyIX2W/TLcUGFrgkuULQp2C+fhGAq8ntbEoCI8swtl2g2fF+JMH K5VCi/AMxgbeX+erDYJQm2aeWyVzdKpiJkQQMh1s2HuiaJ9nATxbfXNPXwI4ZKblHvcClUHIc lG9ighw///AVScTwQc7tL86ZWyJK3TtmFMoM4lwmdQ30ASha+Qnd4oU2KoP7U0mIQca23VNrd kXO0NACKSakdmdzRSLpdnN/kh1mE3Fw+vAi323HtPgz0hHaSBH8mxzcUj4VhJTnw1dz8HgLp8 rKbGnNOtO2Mc/0grH2U/MQIbgEjBed preview: getpeername() and getsockname() will truncate the result if it is larger than the passed-in length. Because here always the size of the `sa` IPv4 union member was passed in, all larger (aka IPv6) resu [...] Content analysis details: (-0.9 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [212.227.17.22 listed in list.dnswl.org] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [212.227.17.22 listed in sa-accredit.habeas.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [212.227.17.22 listed in bl.score.senderscore.com] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [corubba[at]gmx.de] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) [212.227.17.22 listed in wl.mailspike.net] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders Subject: [Openvpn-devel] [PATCH 1/2] Fix IPv6 in port-share journal Precedence: list From: corubba via Openvpn-devel <openvpn-devel@lists.sourceforge.net> Reply-To: corubba <corubba@gmx.de> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox
Series	[Openvpn-devel,1/2] Fix IPv6 in port-share journal \| expand [Openvpn-devel,1/2] Fix IPv6 in port-share journal [Openvpn-devel,2/2] Fix port-share journal doc

Message ID

8de5660b-d917-4092-8871-250495d8c7a4@gmx.de

State

Accepted

Headers

Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Message-ID: <8de5660b-d917-4092-8871-250495d8c7a4@gmx.de>
Date: Sun, 8 Dec 2024 00:17:05 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: de-CH
To: openvpn-devel@lists.sourceforge.net
UI-OutboundReport: notjunk:1;M01:P0:cSR0K4XunOs=;aJnSjqzETZOjxW6qGhMeBn4ND+5
 xLkVOfAWKU4QkEaXOFw/zLZOStP6e4gITlMxEyjoZ8S/4JHCBcjip+hRhybvdUvx2elWKksKS
 SzeL3KlVouVW71kw6q9NF8koV09H1BpcFpGvYIZN7j89n0T+mpILNufWWyJk2ZjvgNKv14nWf
 RQ5DSAaMcJ0DBu5MeuN18mnvIv8iau90l60Pftjey/2d8l5Hhv0q/gq5NwpcVM5fNZ246A7aQ
 vJVzf6ZC02n7ItBj0v0ZW32k+8ootsM4NBl90TjoKJXYgNbrd+Jnw2B6RQ0tkqBFLUEJf/YtP
 Tw9fE15A+BDr31HcJnDZC3u+dR+V7Zv8034AlS4FB4Scvt+wccxVOYgCNjYqnWMN8dRQBbtcY
 C27iSn0p/SvPiwKCMf762oca5Vsb40q7+/zqsMYY+t9y2XZo6qxDSma2iTXsvzkXeaZzRnHCS
 UzeZJ/pFMo9IeoL4v17wA0Q3gs4GlTWa0/lYuNPcRXeojFdcwEyYLWS/nXEDvD0RGnBSwbmua
 RZRttwN8lXAfZWMozgfeF2gYLj4UTGy2sQcZThexE5+AvfYUiTeEWBiSDqYZKG3iP6kU1OY1J
 CRejZJW65BuP7cktfCBNS0a8mkBgoWBdEv6DpaXcIn3ieXd8gN+/Yf7dzCbv1LST52kDZnlFN
 7I0cS1XDJjT15N9nrBxrfK8h5XmAUtNGmxFWE+/QaH2x4I6Uot+hFkd1w51oWQS/6eJ02+9jY
 3Xo4WaskjPCoCupnjcLiCSXrHtOOXgws2t+W/klqz0Ga/9sJDgnkbJ48fHjC+ZRw/xlgE5Qh4
 PlZRKf4yqTm6BodA81yIJINyIX2W/TLcUGFrgkuULQp2C+fhGAq8ntbEoCI8swtl2g2fF+JMH
 K5VCi/AMxgbeX+erDYJQm2aeWyVzdKpiJkQQMh1s2HuiaJ9nATxbfXNPXwI4ZKblHvcClUHIc
 lG9ighw///AVScTwQc7tL86ZWyJK3TtmFMoM4lwmdQ30ASha+Qnd4oU2KoP7U0mIQca23VNrd
 kXO0NACKSakdmdzRSLpdnN/kh1mE3Fw+vAi323HtPgz0hHaSBH8mxzcUj4VhJTnw1dz8HgLp8
 rKbGnNOtO2Mc/0grH2U/MQIbgEjBed
Subject: [Openvpn-devel] [PATCH 1/2] Fix IPv6 in port-share journal
Precedence: list
From: corubba via Openvpn-devel <openvpn-devel@lists.sourceforge.net>
Reply-To: corubba <corubba@gmx.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net

Series

[Openvpn-devel,1/2] Fix IPv6 in port-share journal | expand

Commit Message

corubba Dec. 7, 2024, 11:17 p.m. UTC

getpeername() and getsockname() will truncate the result if it is
larger than the passed-in length. Because here always the size of the
`sa` IPv4 union member was passed in, all larger (aka IPv6) results
were truncated. Instead use the size of the `addr` union, which is the
maximum size of all union members.

The bug was introduced in 0b6450c9.

Fixes https://community.openvpn.net/openvpn/ticket/1358

Signed-off-by: corubba <corubba@gmx.de>
---
 src/openvpn/ps.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--
2.47.1

Comments

Gert Doering Dec. 8, 2024, 1:52 p.m. UTC | #1

Hi,

On Sun, Dec 08, 2024 at 12:17:05AM +0100, corubba via Openvpn-devel wrote:
> getpeername() and getsockname() will truncate the result if it is
> larger than the passed-in length. Because here always the size of the
> `sa` IPv4 union member was passed in, all larger (aka IPv6) results
> were truncated. Instead use the size of the `addr` union, which is the
> maximum size of all union members.

Thanks for digging into this.  The fix looks correct according to
structure definitions, "man getpeername()" etc. - and now matches
other parts of the code, like socket.c / socket_do_accept()

...
    socklen_t remote_len = sizeof(act->dest.addr);
...
        new_sd = getpeername(sd, &act->dest.addr.sa, &remote_len);

The commit ID you found introduces IPv6 transport support :-) - so before
that, there was no ambiguity here.

So

Acked-By: Gert Doering <gert@greenie.muc.de>

will proceed to merge ASAP.  (I'll change the Trac reference to be
just "Trac: #1358" as this is our standard format).

gert

Gert Doering Dec. 8, 2024, 2:17 p.m. UTC | #2

I have not actually tested this (beyond "GHA run" passed) because I have
no current test setup for incoming port share with journal files - but
the code change is "obviously correct" and our picky compilers do not
object either.

Your patch has been applied to the master and release/2.6 branch (bugfix).

commit dbc0491f20c34cf3b7ab8fe2a55442ea93007ddd (master)
commit f966e67c24af681cdd8c3905f4da07e616a123c5 (release/2.6)
Author: corubba
Date:   Sun Dec 8 00:17:05 2024 +0100

     Fix IPv6 in port-share journal

     Signed-off-by: corubba <corubba@gmx.de>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <8de5660b-d917-4092-8871-250495d8c7a4@gmx.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30035.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c
index 4ca3a129..06bf91a8 100644
--- a/src/openvpn/ps.c
+++ b/src/openvpn/ps.c
@@ -344,8 +344,8 @@  journal_add(const char *journal_dir, struct proxy_connection *pc, struct proxy_c
     char *jfn;
     int fd;

-    slen = sizeof(from.addr.sa);
-    dlen = sizeof(to.addr.sa);
+    slen = sizeof(from.addr);
+    dlen = sizeof(to.addr);
     if (!getpeername(pc->sd, (struct sockaddr *) &from.addr.sa, &slen)
         && !getsockname(cp->sd, (struct sockaddr *) &to.addr.sa, &dlen))
     {

[Openvpn-devel,1/2] Fix IPv6 in port-share journal

Commit Message

Comments

Patch