| Message ID | 045ab59d11284a222e6ce5681d20fa7cb52ae84b-HTML@gerrit.openvpn.net |
|---|---|
| State | Superseded |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:b7cb:b0:5e7:b9eb:58e8 with SMTP id
en11csp1560552mab;
Mon, 13 Jan 2025 02:44:40 -0800 (PST)
X-Forwarded-Encrypted: i=2;
AJvYcCViCS4P5s5TwPfCrnrtv+oNHGfpNBS9eXUD86MA9gWiCJabFMv0Y24UyGm2EDt/D+BSmodWh5Jmbq4=@openvpn.net
X-Google-Smtp-Source:
AGHT+IGw/DYjsAEFc9RwBluzZxt8+KuTkUJp4IhzqHTxGNOXeiuIdJAAelaQqrJm7ImeeS9NuFyL
X-Received: by 2002:a05:6808:158a:b0:3eb:62d4:7098 with SMTP id
5614622812f47-3ef2eda5005mr12834208b6e.37.1736765080473;
Mon, 13 Jan 2025 02:44:40 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1736765080; cv=none;
d=google.com; s=arc-20240605;
b=Tjaro5UgPg83HIHOrfHcHaJT6mRuSKa+EfKZyouF4hc+ek+2aevrBCIophC53cpFpU
VRf6jW3FVixev+SMXAoAaWt/RX90RkAOU3UQychhP0/suMswGitfMyhZvqU/aZt4dHSf
ZT5nfi2oKH8lFRYmo1FWtj4H7RPyZ1JFGAsqvIUVJA46n5b7pkHLFS6QsN074NXNRAzm
jmzfLU5XsnIe4Zt8k+45JrfUMaGxZ194ej700tvvLjalL3Haf7yP8As7EQpzp1ybPkOx
cI62ZSFVcHwzbhqgRb+os+3jaGs1kfqFOr2idwsy7KESeElU6Yb5+kbPG4KM54YvEE/z
7ZIw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:cc:reply-to:list-subscribe:list-help:list-post
:list-archive:list-unsubscribe:list-id:precedence:subject:user-agent
:mime-version:message-id:references:auto-submitted:to:date:from
:dkim-signature:dkim-signature:dkim-signature;
bh=M1pXDPdGGiDuv9V64QYK4SVux6YPPx9vBRDmAVBVrQ8=;
fh=GFP4qDxgyJ2WEPo/oeLZg3Mj4NqvY1j2nTvTt7psNwg=;
b=bCHZ/Oe2JAKdph812ovBpJrBXftbxG+peN3oWcOp967muOsAaBEAjRrpx4xJVDM8Gw
VZAUA4m1KpYYU933Ec+651jK8vk1NThCVKFiT8CMmATTxMCKeXVZr841hyXPqu/b3dTc
OXUVwxh/XLsoJfApRAqrw8yAr9hfqF/tvmDkcZucDNqKzFn1U+WBKulv0ELdPQmHcUGv
fyzHY+tsbhcnHoXWJGRVXJ4eA8zT+iZA17FpFCxre54q8Ed+TkrPFwLs4xavRlmlSqQY
kD0ag/mLM+iRwhHPhgIUWVaslRh8yNccvnTvXihhdmF0ILA3Cj5A+VOySEjFrdNf7KMs
z0Qw==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=GWvQHPRs;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=StUG8LCw;
dkim=neutral (body hash did not verify) header.i=@openvpn.net
header.s=google header.b=YJx8dQr4;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net;
dara=fail header.i=@openvpn.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
5614622812f47-3f037a2d168si7261952b6e.178.2025.01.13.02.44.40
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Mon, 13 Jan 2025 02:44:40 -0800 (PST)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=GWvQHPRs;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=StUG8LCw;
dkim=neutral (body hash did not verify) header.i=@openvpn.net
header.s=google header.b=YJx8dQr4;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net;
dara=fail header.i=@openvpn.net
Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com)
by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1tXHvu-0008OR-QG;
Mon, 13 Jan 2025 10:44:35 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <gerrit@openvpn.net>) id 1tXHvt-0008OD-PC
for openvpn-devel@lists.sourceforge.net;
Mon, 13 Jan 2025 10:44:34 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version
:Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:
From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=45M8RH+1fEfAR1GEU0YuwxYcSehKy2/mG0XS1RlbCWs=; b=GWvQHPRstpgmE4D0/UBW1GRxgT
pjy5iHWCsasEIZypmSCckVkJFbAOar4G6ZcTIGolKv0qAR3QUDpjpgiqXE2jwookD1SlNtueHe1RF
dsjMvHQGTn1eyMlsrDaz5oAo14O8/EQn/wtfRB4CTOU/WhzV/NnR+yyNhrOIkCgtKjS4=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To:
References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID
:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:
Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post:
List-Owner:List-Archive; bh=45M8RH+1fEfAR1GEU0YuwxYcSehKy2/mG0XS1RlbCWs=; b=S
tUG8LCwFwfIsP8HcRQOWhrqSN1BQXbWfOafhre+VWQ0+6DCCFKR6JZRlH1Oy41XO+VjuwXUUVhXlE
ZSpKeiz67WNcyRgJlMbcmm/tnkKiy5sZam2F5Fh/YVZYIx86yFZRk/QFm4Lfy/I6KH+8sw26ASTP6
w7q/3SgIAzCMb1Y8=;
Received: from mail-wm1-f47.google.com ([209.85.128.47])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95)
id 1tXHvt-0004NV-Gc for openvpn-devel@lists.sourceforge.net;
Mon, 13 Jan 2025 10:44:34 +0000
Received: by mail-wm1-f47.google.com with SMTP id
5b1f17b1804b1-436a39e4891so28253405e9.1
for <openvpn-devel@lists.sourceforge.net>;
Mon, 13 Jan 2025 02:44:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=openvpn.net; s=google; t=1736765062; x=1737369862;
darn=lists.sourceforge.net;
h=user-agent:content-disposition:content-transfer-encoding
:mime-version:message-id:reply-to:references:subject
:list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc
:subject:date:message-id:reply-to;
bh=45M8RH+1fEfAR1GEU0YuwxYcSehKy2/mG0XS1RlbCWs=;
b=YJx8dQr4UGofdXG3XgxOcUnz7w69uW7WnNn8i+IsYRrA5ZNsV6THuwBkCFaM5GgF+p
phLRAQ5dO83lchPThOO5QqQcz0MPaXQtSLCvjU/jWEgzPPz9bBymFVA98cqGOxYoBGk4
S1YVE2PzO7Ag+YZE1wPrPPrjm1Hwt+g8V7zwi/Kb6Gpup1dnLEvyJ++K1qx/hdCYRFx+
7CaLR5EkU2sUzcHEL0T8VxsPk8ICxmpUVkHAPtOnd2BOueILGYQ7An1aMtBhyB7wmy+B
mC7H6psj2GAvIz6Id5Da8fMdi3icS7wv3TS4VXDAMb96SfbYLGpZT42H4HxenvVv/uc6
bEEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1736765062; x=1737369862;
h=user-agent:content-disposition:content-transfer-encoding
:mime-version:message-id:reply-to:references:subject
:list-unsubscribe:list-id:auto-submitted:cc:to:date:from
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=45M8RH+1fEfAR1GEU0YuwxYcSehKy2/mG0XS1RlbCWs=;
b=SBaVZd2HxeRrvQhDWnDSByifKNbixIZLMP7wML/gXN05g0dXQ+jM5qo7O2u/6nMX73
Fs2zKQTJQxVQwWhoIqm42QYlaSFVXF31rppZj44ORk0AfAD6WL/8fFgOjrrRA/25CXEW
Cux8KlOmZ3vyufKSZEvH4MVED1p5C9tBPPlMoi+HNacgO4hihA5R530I1nZ1Oag5gAbs
XVF41wSdbfHlMFhsXvS3prizpXGC5wFJrdzM1U+8Yt1fo67HQc/g+zEMPT21/5XQIJXK
D+T/pSeT428cmyD3F4iLZW2TT/HyVATOtJG/DOjtjQDb44l/REhnEuV+FzWYaPmnLyNy
KnYw==
X-Gm-Message-State: AOJu0Ywg2t+KBLaKO1SZfzZW2tjD2OzAurE67VXrIq66pXUB7nG+TQ03
5A9JbecmjTnS8Xfld1fSE75V71byzF45jf1kaOOPfgeZOneYs/q2Xk4FYjIxuaIUBRs+6tm5XUH
l
X-Gm-Gg: ASbGncurJ2OEjfCvaIaSR4zA4pmFFDO0c8SfkMx5CPO/Gh/x9RO+S95S6n/lFeQkBXO
7n4YEzsTHiAYaOGk+wHghzZdRdrP/b8nedtss/eqOIV+QsylZCMLZ2XPS3wCBbYLaLUguSlUh7n
rMBpM2TtJnp2BvmTkG9jO65AoF92UCFqFC28QLKgtWjpVIHo/pIxCApSIIBwSf8nlQnUP6+92Po
JbJ2vikJiq/7O9iAyIjZIOjmlYPB7TioOrpM36nqzIiBhjMn6LmCaffmwZ+gvB4/AbKyj5s50n4
apDkuQARNULWXSIcVH8jlP7ZO8II0Fzp5OSWTguwmhD2lYBz
X-Received: by 2002:a05:6000:2c5:b0:386:2fc8:ef86 with SMTP id
ffacd0b85a97d-38a872da886mr16197130f8f.14.1736765060525;
Mon, 13 Jan 2025 02:44:20 -0800 (PST)
Received: from gerrit.openvpn.in
(ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78])
by smtp.gmail.com with ESMTPSA id
ffacd0b85a97d-38a8e4c1d13sm11938609f8f.91.2025.01.13.02.44.19
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 13 Jan 2025 02:44:20 -0800 (PST)
From: "flichtenheld (Code Review)" <gerrit@openvpn.net>
X-Google-Original-From: "flichtenheld (Code Review)"
<gerrit@gerrit.openvpn.in>
X-Gerrit-PatchSet: 1
Date: Mon, 13 Jan 2025 10:44:19 +0000
To: plaisthos <arne-openvpn@rfc2549.org>
Auto-Submitted: auto-generated
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I0391f30a1e962ee242e9bcdec4f605bf7e831cca
X-Gerrit-Change-Number: 858
X-Gerrit-Project: openvpn
X-Gerrit-ChangeURL: <http://gerrit.openvpn.net/c/openvpn/+/858?usp=email>
X-Gerrit-Commit: 399f0892f7288b7e02632d2045975a2ec60a846e
References:
<gerrit.1736765057000.I0391f30a1e962ee242e9bcdec4f605bf7e831cca@gerrit.openvpn.net>
Message-ID: <045ab59d11284a222e6ce5681d20fa7cb52ae84b-HTML@gerrit.openvpn.net>
MIME-Version: 1.0
User-Agent: Gerrit/3.8.2
X-Spam-Score: -2.0 (--)
X-Spam-Report: Spam detection software,
running on the system "util-spamd-2.v13.lw.sourceforge.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Attention is currently required from: plaisthos. Hello
plaisthos, I'd like you to do a code review. Please visit
Content analysis details: (-2.0 points, 6.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust [209.85.128.47 listed in list.dnswl.org]
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
The query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.128.47 listed in sa-trusted.bondedsender.org]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.128.47 listed in bl.score.senderscore.com]
-1.8 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.47 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
Colors in HTML
X-Headers-End: 1tXHvt-0004NV-Gc
Subject: [Openvpn-devel] [S] Change in openvpn[master]: Fix "uninitialized
pointer read" in openvpn_decrypt_aead
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org,
openvpn-devel@lists.sourceforge.net
Cc: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Content-Type: multipart/mixed; boundary="===============7252497434394669335=="
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1821130180698055675?=
X-GMAIL-MSGID: =?utf-8?q?1821130180698055675?=
X-getmail-filter-classifier: gerrit message type newchange
|
| Series |
[Openvpn-devel,S] Change in openvpn[master]: Fix "uninitialized pointer read" in openvpn_decrypt_aead
|
expand
|
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 84ec436..dbd95a8 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -406,17 +406,15 @@ static const char error_prefix[] = "AEAD Decrypt error"; struct packet_id_net pin = { 0 }; struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; + struct gc_arena gc; + + gc_init(&gc); if (cipher_decrypt_verify_fail_exceeded(ctx)) { CRYPT_DROP("Decryption failed verification limit reached."); } - int outlen; - struct gc_arena gc; - - gc_init(&gc); - ASSERT(opt); ASSERT(frame); ASSERT(buf->len > 0); @@ -506,6 +504,8 @@ dmsg(D_PACKET_CONTENT, "DECRYPT AD: %s", format_hex(ad_start, ad_size, 0, &gc)); + int outlen; + /* Decrypt and authenticate packet */ if (!cipher_ctx_update(ctx->cipher, BPTR(&work), &outlen, BPTR(buf), data_len))
Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/858?usp=email to review the following change. Change subject: Fix "uninitialized pointer read" in openvpn_decrypt_aead ...................................................................... Fix "uninitialized pointer read" in openvpn_decrypt_aead Coverity complains that if we error out in the first error condition we try to free gc without initializing it. While here move the declaration of outlen to the first usage. Change-Id: I0391f30a1e962ee242e9bcdec4f605bf7e831cca Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> --- M src/openvpn/crypto.c 1 file changed, 5 insertions(+), 5 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/58/858/1