Message ID | 045ab59d11284a222e6ce5681d20fa7cb52ae84b-HTML@gerrit.openvpn.net |
---|---|
State | Superseded |
Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:b7cb:b0:5e7:b9eb:58e8 with SMTP id en11csp1560552mab; Mon, 13 Jan 2025 02:44:40 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCViCS4P5s5TwPfCrnrtv+oNHGfpNBS9eXUD86MA9gWiCJabFMv0Y24UyGm2EDt/D+BSmodWh5Jmbq4=@openvpn.net X-Google-Smtp-Source: AGHT+IGw/DYjsAEFc9RwBluzZxt8+KuTkUJp4IhzqHTxGNOXeiuIdJAAelaQqrJm7ImeeS9NuFyL X-Received: by 2002:a05:6808:158a:b0:3eb:62d4:7098 with SMTP id 5614622812f47-3ef2eda5005mr12834208b6e.37.1736765080473; Mon, 13 Jan 2025 02:44:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1736765080; cv=none; d=google.com; s=arc-20240605; b=Tjaro5UgPg83HIHOrfHcHaJT6mRuSKa+EfKZyouF4hc+ek+2aevrBCIophC53cpFpU VRf6jW3FVixev+SMXAoAaWt/RX90RkAOU3UQychhP0/suMswGitfMyhZvqU/aZt4dHSf ZT5nfi2oKH8lFRYmo1FWtj4H7RPyZ1JFGAsqvIUVJA46n5b7pkHLFS6QsN074NXNRAzm jmzfLU5XsnIe4Zt8k+45JrfUMaGxZ194ej700tvvLjalL3Haf7yP8As7EQpzp1ybPkOx cI62ZSFVcHwzbhqgRb+os+3jaGs1kfqFOr2idwsy7KESeElU6Yb5+kbPG4KM54YvEE/z 7ZIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=M1pXDPdGGiDuv9V64QYK4SVux6YPPx9vBRDmAVBVrQ8=; fh=GFP4qDxgyJ2WEPo/oeLZg3Mj4NqvY1j2nTvTt7psNwg=; b=bCHZ/Oe2JAKdph812ovBpJrBXftbxG+peN3oWcOp967muOsAaBEAjRrpx4xJVDM8Gw VZAUA4m1KpYYU933Ec+651jK8vk1NThCVKFiT8CMmATTxMCKeXVZr841hyXPqu/b3dTc OXUVwxh/XLsoJfApRAqrw8yAr9hfqF/tvmDkcZucDNqKzFn1U+WBKulv0ELdPQmHcUGv fyzHY+tsbhcnHoXWJGRVXJ4eA8zT+iZA17FpFCxre54q8Ed+TkrPFwLs4xavRlmlSqQY kD0ag/mLM+iRwhHPhgIUWVaslRh8yNccvnTvXihhdmF0ILA3Cj5A+VOySEjFrdNf7KMs z0Qw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=GWvQHPRs; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=StUG8LCw; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=YJx8dQr4; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-3f037a2d168si7261952b6e.178.2025.01.13.02.44.40 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Jan 2025 02:44:40 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=GWvQHPRs; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=StUG8LCw; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=YJx8dQr4; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) id 1tXHvu-0008OR-QG; Mon, 13 Jan 2025 10:44:35 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <gerrit@openvpn.net>) id 1tXHvt-0008OD-PC for openvpn-devel@lists.sourceforge.net; Mon, 13 Jan 2025 10:44:34 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=45M8RH+1fEfAR1GEU0YuwxYcSehKy2/mG0XS1RlbCWs=; b=GWvQHPRstpgmE4D0/UBW1GRxgT pjy5iHWCsasEIZypmSCckVkJFbAOar4G6ZcTIGolKv0qAR3QUDpjpgiqXE2jwookD1SlNtueHe1RF dsjMvHQGTn1eyMlsrDaz5oAo14O8/EQn/wtfRB4CTOU/WhzV/NnR+yyNhrOIkCgtKjS4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=45M8RH+1fEfAR1GEU0YuwxYcSehKy2/mG0XS1RlbCWs=; b=S tUG8LCwFwfIsP8HcRQOWhrqSN1BQXbWfOafhre+VWQ0+6DCCFKR6JZRlH1Oy41XO+VjuwXUUVhXlE ZSpKeiz67WNcyRgJlMbcmm/tnkKiy5sZam2F5Fh/YVZYIx86yFZRk/QFm4Lfy/I6KH+8sw26ASTP6 w7q/3SgIAzCMb1Y8=; Received: from mail-wm1-f47.google.com ([209.85.128.47]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1tXHvt-0004NV-Gc for openvpn-devel@lists.sourceforge.net; Mon, 13 Jan 2025 10:44:34 +0000 Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-436a39e4891so28253405e9.1 for <openvpn-devel@lists.sourceforge.net>; Mon, 13 Jan 2025 02:44:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1736765062; x=1737369862; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=45M8RH+1fEfAR1GEU0YuwxYcSehKy2/mG0XS1RlbCWs=; b=YJx8dQr4UGofdXG3XgxOcUnz7w69uW7WnNn8i+IsYRrA5ZNsV6THuwBkCFaM5GgF+p phLRAQ5dO83lchPThOO5QqQcz0MPaXQtSLCvjU/jWEgzPPz9bBymFVA98cqGOxYoBGk4 S1YVE2PzO7Ag+YZE1wPrPPrjm1Hwt+g8V7zwi/Kb6Gpup1dnLEvyJ++K1qx/hdCYRFx+ 7CaLR5EkU2sUzcHEL0T8VxsPk8ICxmpUVkHAPtOnd2BOueILGYQ7An1aMtBhyB7wmy+B mC7H6psj2GAvIz6Id5Da8fMdi3icS7wv3TS4VXDAMb96SfbYLGpZT42H4HxenvVv/uc6 bEEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736765062; x=1737369862; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=45M8RH+1fEfAR1GEU0YuwxYcSehKy2/mG0XS1RlbCWs=; b=SBaVZd2HxeRrvQhDWnDSByifKNbixIZLMP7wML/gXN05g0dXQ+jM5qo7O2u/6nMX73 Fs2zKQTJQxVQwWhoIqm42QYlaSFVXF31rppZj44ORk0AfAD6WL/8fFgOjrrRA/25CXEW Cux8KlOmZ3vyufKSZEvH4MVED1p5C9tBPPlMoi+HNacgO4hihA5R530I1nZ1Oag5gAbs XVF41wSdbfHlMFhsXvS3prizpXGC5wFJrdzM1U+8Yt1fo67HQc/g+zEMPT21/5XQIJXK D+T/pSeT428cmyD3F4iLZW2TT/HyVATOtJG/DOjtjQDb44l/REhnEuV+FzWYaPmnLyNy KnYw== X-Gm-Message-State: AOJu0Ywg2t+KBLaKO1SZfzZW2tjD2OzAurE67VXrIq66pXUB7nG+TQ03 5A9JbecmjTnS8Xfld1fSE75V71byzF45jf1kaOOPfgeZOneYs/q2Xk4FYjIxuaIUBRs+6tm5XUH l X-Gm-Gg: ASbGncurJ2OEjfCvaIaSR4zA4pmFFDO0c8SfkMx5CPO/Gh/x9RO+S95S6n/lFeQkBXO 7n4YEzsTHiAYaOGk+wHghzZdRdrP/b8nedtss/eqOIV+QsylZCMLZ2XPS3wCBbYLaLUguSlUh7n rMBpM2TtJnp2BvmTkG9jO65AoF92UCFqFC28QLKgtWjpVIHo/pIxCApSIIBwSf8nlQnUP6+92Po JbJ2vikJiq/7O9iAyIjZIOjmlYPB7TioOrpM36nqzIiBhjMn6LmCaffmwZ+gvB4/AbKyj5s50n4 apDkuQARNULWXSIcVH8jlP7ZO8II0Fzp5OSWTguwmhD2lYBz X-Received: by 2002:a05:6000:2c5:b0:386:2fc8:ef86 with SMTP id ffacd0b85a97d-38a872da886mr16197130f8f.14.1736765060525; Mon, 13 Jan 2025 02:44:20 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38a8e4c1d13sm11938609f8f.91.2025.01.13.02.44.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Jan 2025 02:44:20 -0800 (PST) From: "flichtenheld (Code Review)" <gerrit@openvpn.net> X-Google-Original-From: "flichtenheld (Code Review)" <gerrit@gerrit.openvpn.in> X-Gerrit-PatchSet: 1 Date: Mon, 13 Jan 2025 10:44:19 +0000 To: plaisthos <arne-openvpn@rfc2549.org> Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I0391f30a1e962ee242e9bcdec4f605bf7e831cca X-Gerrit-Change-Number: 858 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: <http://gerrit.openvpn.net/c/openvpn/+/858?usp=email> X-Gerrit-Commit: 399f0892f7288b7e02632d2045975a2ec60a846e References: <gerrit.1736765057000.I0391f30a1e962ee242e9bcdec4f605bf7e831cca@gerrit.openvpn.net> Message-ID: <045ab59d11284a222e6ce5681d20fa7cb52ae84b-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -2.0 (--) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit Content analysis details: (-2.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.47 listed in list.dnswl.org] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.47 listed in sa-trusted.bondedsender.org] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.47 listed in bl.score.senderscore.com] -1.8 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.47 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1tXHvt-0004NV-Gc Subject: [Openvpn-devel] [S] Change in openvpn[master]: Fix "uninitialized pointer read" in openvpn_decrypt_aead X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: <openvpn-devel.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>, <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel> List-Post: <mailto:openvpn-devel@lists.sourceforge.net> List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>, <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe> Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net Cc: openvpn-devel <openvpn-devel@lists.sourceforge.net> Content-Type: multipart/mixed; boundary="===============7252497434394669335==" Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1821130180698055675?= X-GMAIL-MSGID: =?utf-8?q?1821130180698055675?= X-getmail-filter-classifier: gerrit message type newchange |
Series |
[Openvpn-devel,S] Change in openvpn[master]: Fix "uninitialized pointer read" in openvpn_decrypt_aead
|
expand
|
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 84ec436..dbd95a8 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -406,17 +406,15 @@ static const char error_prefix[] = "AEAD Decrypt error"; struct packet_id_net pin = { 0 }; struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; + struct gc_arena gc; + + gc_init(&gc); if (cipher_decrypt_verify_fail_exceeded(ctx)) { CRYPT_DROP("Decryption failed verification limit reached."); } - int outlen; - struct gc_arena gc; - - gc_init(&gc); - ASSERT(opt); ASSERT(frame); ASSERT(buf->len > 0); @@ -506,6 +504,8 @@ dmsg(D_PACKET_CONTENT, "DECRYPT AD: %s", format_hex(ad_start, ad_size, 0, &gc)); + int outlen; + /* Decrypt and authenticate packet */ if (!cipher_ctx_update(ctx->cipher, BPTR(&work), &outlen, BPTR(buf), data_len))
Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/858?usp=email to review the following change. Change subject: Fix "uninitialized pointer read" in openvpn_decrypt_aead ...................................................................... Fix "uninitialized pointer read" in openvpn_decrypt_aead Coverity complains that if we error out in the first error condition we try to free gc without initializing it. While here move the declaration of outlen to the first usage. Change-Id: I0391f30a1e962ee242e9bcdec4f605bf7e831cca Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> --- M src/openvpn/crypto.c 1 file changed, 5 insertions(+), 5 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/58/858/1