| Message ID | 20250324083350.4019-1-gert@greenie.muc.de |
|---|---|
| State | Accepted |
| Headers |
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:81e:b0:60a:d70a:d3c7 with SMTP id
jj30csp1740511mab;
Mon, 24 Mar 2025 01:34:08 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
AJvYcCVNeFr5RLE/bovh5VN/oZDbf1pyKsgREQoIa3EtJUjA/NwlgLgnfp1fkLRde2gPN9lwy1wpDpUR9cY=@openvpn.net
X-Google-Smtp-Source:
AGHT+IEOJDp1tnJRzP3Jhqc66DotnjQEzch5tumFfY55YWT89Am8sdtnRwn89z/Ji3Pic71aOa6v
X-Received: by 2002:a05:6602:360c:b0:85b:3c49:8811 with SMTP id
ca18e2360f4ac-85e2ca58ccamr1397456739f.4.1742805248581;
Mon, 24 Mar 2025 01:34:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1742805248; cv=none;
d=google.com; s=arc-20240605;
b=YZ1THWoAD9s+HGeBPIW+5sds8ocDmfrE5UtppG2dM72Axxj4ugiwJbcXijcxVrIkIp
9Y0tB7SubAZjx4mX1AkutxEXwYwtggihbBNhfRcduOeSOZyCMAJmuOFXl0iwVCoUyIWr
fW6ZMsa9bHnx7FAJ06JVAqa3ecPNJGs7Pr5AsCK6u3LPQQ3kG9wLM8IHpU0ajql2QSB0
urnUuOeSEjkMdG6IynAMdF0M0OQqD/JXVphIvv+NwxTAvH+EHPPcUTxGTKQaCGy1BqJG
Dj4C0/6AtlIHtx7V2vU0TsKSxr4yaY2OijMaBhUqdWFOybvc0QWjgxiyPmwlRG8HdYBS
tAAg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:content-transfer-encoding:list-subscribe:list-help
:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
:mime-version:references:in-reply-to:message-id:date:to:from
:dkim-signature:dkim-signature;
bh=rDkOB573Ix+MlT5PjFtf1rCNtpsrjAtGGYpMeb7GJbI=;
fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
b=HzcwNWqtUVOrsUEvNyjqF4SKMdjfpKL5wFIXR36wHyLkfDcK1vhDGlvgMsf/P/fVMr
Oi2zBEpr881nyOCPVfagZsnC5bj+rlO38pB4Fr8GtuX/MwhjvX+aQ7Z5hiceuq+Kkqqe
11u/+z1QP9N4WibYZlFIhlo0vRmZJ4cV5++GDJLoizV/Cb2+xVY2FDyrb0eCrrCCCQTe
2wBOyoKTqFoPQUsOgpRoQd8xa66Vm23Gfs25oLJrxGovxy2pls9BOPHqjpPczYtfHvHO
rQRQzCg8L8rIbVdmeXPc9qOtoaMWuh6zDbyB84kskdBAj9fbIxPDJ/ondN32Rl2bvxwa
fUwg==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=idphPzTh;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=RFR6z5zU;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
ca18e2360f4ac-85e2bdac463si668071639f.72.2025.03.24.01.34.08
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Mon, 24 Mar 2025 01:34:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=idphPzTh;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=RFR6z5zU;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com)
by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1twdFx-0004vM-Fm;
Mon, 24 Mar 2025 08:34:01 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <gert@blue.greenie.muc.de>) id 1twdFu-0004ui-QP
for openvpn-devel@lists.sourceforge.net;
Mon, 24 Mar 2025 08:33:59 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=94W6VKiqUakcNqovyRe9D+AIwLBFncVqrz9TYkO8tk4=; b=idphPzThBOw3ii3DPjcgKkEOVs
WF2f6TPu0EMSBPitn55E21AFPfiBWripGiwJMuLQnp7Z/uaMOJcEsUVR3K9C7YLYwAIdGQy0w5d1V
dHMxUIYJSOax89hgwix+tbb9Fu5F3nyz/+iK8nBcGHU9bKTR8cwUQk3QjrB5jFjHf0Mk=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=94W6VKiqUakcNqovyRe9D+AIwLBFncVqrz9TYkO8tk4=; b=RFR6z5zUg8nxgG6yz8rPjrWC/h
ZTUghLX7EE5ahxAHP4DRwqvtveMDlre4C+kfRZ1ubU5g728udx3QVsb9jay5WikYF1bcTmtOum4g8
tLx9HMb6Y8+6tU/zgTz37KA3fKzQ9mFNF+G4QEvqBjYq+gwFv4Zzghw+RHrszGUC3Fjs=;
Received: from dhcp-174.greenie.muc.de ([193.149.48.174]
helo=blue.greenie.muc.de)
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
id 1twdFt-0004pA-Rh for openvpn-devel@lists.sourceforge.net;
Mon, 24 Mar 2025 08:33:59 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 52O8XpZM004098
for <openvpn-devel@lists.sourceforge.net>; Mon, 24 Mar 2025 09:33:51 +0100
Received: (from gert@localhost)
by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 52O8XpOF004097
for openvpn-devel@lists.sourceforge.net; Mon, 24 Mar 2025 09:33:51 +0100
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 24 Mar 2025 09:33:44 +0100
Message-ID: <20250324083350.4019-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.45.2
In-Reply-To:
<gerrit.1741926089000.I23710b1f5b2122ec1f14465911836c0f0afa9c64@gerrit.openvpn.net>
References:
<gerrit.1741926089000.I23710b1f5b2122ec1f14465911836c0f0afa9c64@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam detection software,
running on the system "util-spamd-1.v13.lw.sourceforge.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: Heiko Hund <heiko@ist.eigentlich.net> Instead of
making
the string buffer statically sized for a max. of four addresses, calculate
it to hold up to the max number of addresses a dns_cfg_message_t can hold
(currently four as well). Improve [...]
Content analysis details: (0.0 points, 6.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[193.149.48.174 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[193.149.48.174 listed in sa-trusted.bondedsender.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
X-Headers-End: 1twdFt-0004pA-Rh
Subject: [Openvpn-devel] [PATCH v6] win: calculate address string buffer size
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1827463756290470654?=
X-GMAIL-MSGID: =?utf-8?q?1827463756290470654?=
|
| Series |
[Openvpn-devel,v6] win: calculate address string buffer size
|
|
Commit Message
Gert Doering
March 24, 2025, 8:33 a.m. UTC
From: Heiko Hund <heiko@ist.eigentlich.net> Instead of making the string buffer statically sized for a max. of four addresses, calculate it to hold up to the max number of addresses a dns_cfg_message_t can hold (currently four as well). Improves the code so that it doesn't rely on the addresses never being more than four in the future. Change-Id: I23710b1f5b2122ec1f14465911836c0f0afa9c64 Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/908 This mail reflects revision 6 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld <frank@lichtenheld.com>
Comments
Thanks for future-proofing this part of the code - it's fine today, but
we might bump the number of allowed DNS addresses to "8" one day, and
then the old code was at-risk for overflows...
I haven't actually tested it, just stared at it for a bit, asked mingw
("no warnings") and we have Frank's +2 in gerrit.
Your patch has been applied to the master branch.
commit 8ea5debaea01da5fee56fbad56b50820c1beee92
Author: Heiko Hund
Date: Mon Mar 24 09:33:44 2025 +0100
win: calculate address string buffer size
Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20250324083350.4019-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31196.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
--
kind regards,
Gert Doering
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index abbc916..100c69a 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -1857,9 +1857,10 @@ int addr_len = msg->addr_len; /* sanity check */ - if (addr_len > _countof(msg->addr)) + const size_t max_addrs = _countof(msg->addr); + if (addr_len > max_addrs) { - addr_len = _countof(msg->addr); + addr_len = max_addrs; } if (!msg->iface.name[0]) /* interface name is required */ @@ -1909,7 +1910,7 @@ if (msg->addr_len > 0) { /* prepare the comma separated address list */ - CHAR addrs[256]; /* large enough to hold four IPv4 / IPv6 address strings */ + CHAR addrs[max_addrs * 64]; /* 64 is enough for one IPv4/6 address */ size_t offset = 0; for (int i = 0; i < addr_len; ++i) {