diff mbox series

[Openvpn-devel,v2,3/3] Ensure the management channel can take passwords up to the max length

Message ID 20260315230620.1594780-4-luca.boccassi@gmail.com
State New
Headers show
Series Two small fixes for auth via tokens | expand

Commit Message

Luca Boccassi March 15, 2026, 11:05 p.m. UTC 
From: Luca Boccassi <luca.boccassi@gmail.com>

These hardcoded limits are different than the password size limit.
Use the macro to ensure a password can always fit via the management
channel, otherwise when long passwords are used (e.g.: tokens) they
will be silently dropped.

Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
---
 src/openvpn/manage.c  | 4 ++--
 src/openvpn/options.h | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

Comments

Arne Schwabe March 16, 2026, 12:01 p.m. UTC | #1 
Am 16.03.26 um 00:05 schrieb luca.boccassi@gmail.com:
> From: Luca Boccassi <luca.boccassi@gmail.com>
> 
> These hardcoded limits are different than the password size limit.
> Use the macro to ensure a password can always fit via the management
> channel, otherwise when long passwords are used (e.g.: tokens) they
> will be silently dropped.

> index 3d8b5059..4fafdc52 100644
> --- a/src/openvpn/options.h
> +++ b/src/openvpn/options.h
> @@ -51,10 +51,10 @@
>   #define MAX_PARMS 16
>   
>   /*
> - * Max size of options line and parameter.
> + * Max size of options line and parameter. Ensure a password can fit.
>    */
> -#define OPTION_PARM_SIZE 256
> -#define OPTION_LINE_SIZE 256
> +#define OPTION_PARM_SIZE USER_PASS_LEN
> +#define OPTION_LINE_SIZE USER_PASS_LEN
>   
>   extern const char title_string[];
>   

You are changing quite fundamental limit in the parser without any 
regards to anything outside your own use case. You will need a lot more 
convincing to get something like that accepted.

Arne
diff mbox series

Patch

diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index df72f15f..5cb25107 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -2653,9 +2653,9 @@  man_connection_init(struct management *man)
 
         /*
          * Allocate helper objects for command line input and
-         * command output from/to the socket.
+         * command output from/to the socket. Ensure a password cat fit.
          */
-        man->connection.in = command_line_new(1024);
+        man->connection.in = command_line_new(USER_PASS_LEN);
         man->connection.out = buffer_list_new();
 
         /*
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index 3d8b5059..4fafdc52 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -51,10 +51,10 @@ 
 #define MAX_PARMS 16
 
 /*
- * Max size of options line and parameter.
+ * Max size of options line and parameter. Ensure a password can fit.
  */
-#define OPTION_PARM_SIZE 256
-#define OPTION_LINE_SIZE 256
+#define OPTION_PARM_SIZE USER_PASS_LEN
+#define OPTION_LINE_SIZE USER_PASS_LEN
 
 extern const char title_string[];