Message ID | 20220917125811.13549-1-a@unstable.cc |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel] solaris/open_tun: prevent crash when dev is empty string | expand |
Acked-by: Gert Doering <gert@greenie.muc.de> I'm not sure how "dev" can ever be an empty string here, but if it can be one, we shouldn't crash :-) - subjected to t_client tests on OpenIndiana 2019 that excercise --dev tun/tap and --dev tun3/tap3 Trying around a bit, I came up with "openvpn --dev '' --dev-type tun" which would indeed end up there with an empty *dev, leading to *ptr pointing to random garbage (no crash here, but that's more luck in stack layout I'd say). With the bugfix, I get 2022-09-23 18:31:28 dev=8043451, ptr=8043451, *dev='00', *dev='', *ptr='' .. better. Your patch has been applied to the master branch. commit cec4353b60bc74a2d8d78ca6b8b6f9fae02e92eb Author: Antonio Quartulli Date: Sat Sep 17 14:58:11 2022 +0200 solaris/open_tun: prevent crash when dev is empty string Signed-off-by: Antonio Quartulli <a@unstable.cc> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20220917125811.13549-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25235.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index a17ff50f..44fad06d 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -2379,10 +2379,11 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun msg(M_ERR, "Can't open %s", dev_node); } + ptr = dev; + /* get unit number */ - if (*dev) + if (*ptr) { - ptr = dev; while (*ptr && !isdigit((int) *ptr)) { ptr++;
This was originally reported on GH, but never dealt with. Make sure 'ptr' is always initialized to prevent derefence of null pointer in case of empty dev string. While at it, change the if condition to use ptr instead of dev, since dev is not used anymore in the logic. Signed-off-by: Antonio Quartulli <a@unstable.cc> --- src/openvpn/tun.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)