From patchwork Thu Apr 2 22:09:44 2020
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1072
Received: (nullmailer pid 17771 invoked by uid 10006); Fri, 03 Apr
 2020 09:09:44 -0000
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 3 Apr 2020 11:09:44 +0200
Message-Id: <20200403090944.17726-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH] Fix off-by-one in tls-crypt-v2 client wrapping with custom metadata

Instead of writing at the end of the metadata buffer, the decoded base64 data overwrites the opcode as BPTR points to the beginning of the buffer and not the current position. Replace with BEND to fix this off-by-one

Signed-off-by: Arne Schwabe
Acked-by: Steffan Karger
--- src/openvpn/tls_crypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 37df2ce7..e9f9cc2a 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -664,7 +664,7 @@ tls_crypt_v2_write_client_key_file(const char *filename, (int)strlen(b64_metadata), TLS_CRYPT_V2_MAX_B64_METADATA_LEN); } ASSERT(buf_write(&metadata, &TLS_CRYPT_METADATA_TYPE_USER, 1)); - int decoded_len = openvpn_base64_decode(b64_metadata, BPTR(&metadata), + int decoded_len = openvpn_base64_decode(b64_metadata, BEND(&metadata), BCAP(&metadata)); if (decoded_len < 0) {
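
Review bot: On the changed openvpn_base64_decode() call, the destination moves to BEND(&metadata) but the size argument stays BCAP(&metadata), and nothing in the hunk shows that this size is measured from the new write position. Please state in the commit message or a short comment that BCAP is the space remaining after the one-byte buf_write() of TLS_CRYPT_METADATA_TYPE_USER just above; if it were the buffer's full capacity, the decode limit would now be one byte too large. Since the old code silently replaced the type byte with decoded data, a regression test that wraps a client key with custom metadata and checks that the first metadata byte is still TLS_CRYPT_METADATA_TYPE_USER would keep this from coming back. The visible lines also end at the decoded_len < 0 check, so it is worth confirming that the success path advances the buffer length by decoded_len from the new position rather than from the start of the buffer.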