[Openvpn-devel,1/2] Ensure strings read from registry are null-terminated

Message ID 1511026858-23281-1-git-send-email-selva.nair@gmail.com
State Accepted
Headers show
Series
  • [Openvpn-devel,1/2] Ensure strings read from registry are null-terminated
Related show

Commit Message

Selva Nair Nov. 18, 2017, 5:40 p.m.
From: Selva Nair <selva.nair@gmail.com>

- Strings stored in registry are not guaranteed to be null-terminated.
  So, use RegGetValue() instead of RegQueryValueEx() as the former
  adds null termination to the returned string if missing.
  (Needs Windows Vista+)

- While at it also add a default value parameter to GetRegString()
  to process optional registry values (such as ovpn_admin_group)
  without causing an otherwise confusing error logged to the
  eventlog[*].

[*] see Trac: #892

Signed-off-by: Selva Nair <selva.nair@gmail.com>
---
 src/openvpnserv/common.c | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

Comments

Gert Doering Feb. 20, 2018, 12:23 p.m. | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

"Because it makes sense" (checked with the Windows API documentation, and
compile-tested on ubuntu 16.04).

Your patch has been applied to the master and release/2.4 branch.

There was one issue with your patch that you might want to look into - it
seems to be based on a private branch that has a "#define REG_KEY" which
does not exist in my tree, and which I could not find any references to
on the mailing list either.  It broke applying the patch as it appeared
in patch context - but since none of the actual code line reference this,
I decided to apply the patch nonetheless (it has been lingering for way
too long already).

commit b1263b06db40f21a8fd20e0efd0c12e37ce89a2c (master)
commit b00dab5422669fca7304f4af111b7c259b8a0a55 (release/2.4)
Author: Selva Nair
Date:   Sat Nov 18 12:40:57 2017 -0500

     Ensure strings read from registry are null-terminated

     Signed-off-by: Selva Nair <selva.nair@gmail.com>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <1511026858-23281-1-git-send-email-selva.nair@gmail.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15893.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Selva Nair Feb. 20, 2018, 2:47 p.m. | #2
Hi,

On Tue, Feb 20, 2018 at 7:23 AM, Gert Doering <gert@greenie.muc.de> wrote:
> Acked-by: Gert Doering <gert@greenie.muc.de>
>
> "Because it makes sense" (checked with the Windows API documentation, and
> compile-tested on ubuntu 16.04).
>
> Your patch has been applied to the master and release/2.4 branch.
>
> There was one issue with your patch that you might want to look into - it
> seems to be based on a private branch that has a "#define REG_KEY" which
> does not exist in my tree, and which I could not find any references to
> on the mailing list either.  It broke applying the patch as it appeared
> in patch context - but since none of the actual code line reference this,
> I decided to apply the patch nonetheless (it has been lingering for way
> too long already).

That line got removed by the following commit (multiple service instances):

commit f3fec49b1c916a701058ef2445b4c07005c30673
Author: Simon Rozman <simon@rozman.si>
Date:   Sun Dec 3 22:16:54 2017 +0100
openvpnserv: Add support for multi-instances

So it was a rebase conflict. I scanned through the patch as applied
and all look ok.

Thanks,

Selva

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Gert Doering Feb. 20, 2018, 3:22 p.m. | #3
Hi,

On Tue, Feb 20, 2018 at 09:47:43AM -0500, Selva Nair wrote:
> > There was one issue with your patch that you might want to look into - it
> > seems to be based on a private branch that has a "#define REG_KEY" which
[..]
> 
> That line got removed by the following commit (multiple service instances):
> 
> commit f3fec49b1c916a701058ef2445b4c07005c30673
> Author: Simon Rozman <simon@rozman.si>
> Date:   Sun Dec 3 22:16:54 2017 +0100
> openvpnserv: Add support for multi-instances

Ah.  I thought it looked like Simon, but searched in the wrong place :-)

> So it was a rebase conflict. I scanned through the patch as applied
> and all look ok.

Thanks for double-checking.

gert

Patch

diff --git a/src/openvpnserv/common.c b/src/openvpnserv/common.c
index e77d7ab..bc99584 100644
--- a/src/openvpnserv/common.c
+++ b/src/openvpnserv/common.c
@@ -56,14 +56,18 @@  openvpn_sntprintf(LPTSTR str, size_t size, LPCTSTR format, ...)
 #define REG_KEY  TEXT("SOFTWARE\\" PACKAGE_NAME)
 
 static DWORD
-GetRegString(HKEY key, LPCTSTR value, LPTSTR data, DWORD size)
+GetRegString(HKEY key, LPCTSTR value, LPTSTR data, DWORD size, LPCTSTR default_value)
 {
-    DWORD type;
-    LONG status = RegQueryValueEx(key, value, NULL, &type, (LPBYTE) data, &size);
+    LONG status = RegGetValue(key, NULL, value, RRF_RT_REG_SZ|RRF_RT_REG_EXPAND_SZ,
+                              NULL, (LPBYTE) data, &size);
 
-    if (status == ERROR_SUCCESS && type != REG_SZ)
+    if (status == ERROR_FILE_NOT_FOUND && default_value)
     {
-        status = ERROR_DATATYPE_MISMATCH;
+        size_t len = size/sizeof(data[0]);
+        if (openvpn_sntprintf(data, len, default_value) > 0)
+        {
+            status = ERROR_SUCCESS;
+        }
     }
 
     if (status != ERROR_SUCCESS)
@@ -91,48 +95,48 @@  GetOpenvpnSettings(settings_t *s)
         return MsgToEventLog(M_SYSERR, TEXT("Could not open Registry key HKLM\\%s not found"), REG_KEY);
     }
 
-    error = GetRegString(key, TEXT("exe_path"), s->exe_path, sizeof(s->exe_path));
+    error = GetRegString(key, TEXT("exe_path"), s->exe_path, sizeof(s->exe_path), NULL);
     if (error != ERROR_SUCCESS)
     {
         goto out;
     }
 
-    error = GetRegString(key, TEXT("config_dir"), s->config_dir, sizeof(s->config_dir));
+    error = GetRegString(key, TEXT("config_dir"), s->config_dir, sizeof(s->config_dir), NULL);
     if (error != ERROR_SUCCESS)
     {
         goto out;
     }
 
-    error = GetRegString(key, TEXT("config_ext"), s->ext_string, sizeof(s->ext_string));
+    error = GetRegString(key, TEXT("config_ext"), s->ext_string, sizeof(s->ext_string), NULL);
     if (error != ERROR_SUCCESS)
     {
         goto out;
     }
 
-    error = GetRegString(key, TEXT("log_dir"), s->log_dir, sizeof(s->log_dir));
+    error = GetRegString(key, TEXT("log_dir"), s->log_dir, sizeof(s->log_dir), NULL);
     if (error != ERROR_SUCCESS)
     {
         goto out;
     }
 
-    error = GetRegString(key, TEXT("priority"), priority, sizeof(priority));
+    error = GetRegString(key, TEXT("priority"), priority, sizeof(priority), NULL);
     if (error != ERROR_SUCCESS)
     {
         goto out;
     }
 
-    error = GetRegString(key, TEXT("log_append"), append, sizeof(append));
+    error = GetRegString(key, TEXT("log_append"), append, sizeof(append), NULL);
     if (error != ERROR_SUCCESS)
     {
         goto out;
     }
 
     /* read if present, else use default */
-    error = GetRegString(key, TEXT("ovpn_admin_group"), s->ovpn_admin_group, sizeof(s->ovpn_admin_group));
+    error = GetRegString(key, TEXT("ovpn_admin_group"), s->ovpn_admin_group,
+                         sizeof(s->ovpn_admin_group), OVPN_ADMIN_GROUP);
     if (error != ERROR_SUCCESS)
     {
-        openvpn_sntprintf(s->ovpn_admin_group, _countof(s->ovpn_admin_group), OVPN_ADMIN_GROUP);
-        error = 0; /* this error is not fatal */
+        goto out;
     }
     /* set process priority */
     if (!_tcsicmp(priority, TEXT("IDLE_PRIORITY_CLASS")))