From patchwork Sat Nov 26 16:26:48 2022
X-Patchwork-Submitter: Maximilian Fillinger
X-Patchwork-Id: 2858
From: Max Fillinger
Date: Sat, 26 Nov 2022 17:26:48 +0100
Message-ID: <20221126162648.150678-2-maximilian.fillinger@foxcrypto.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20221126162648.150678-1-maximilian.fillinger@foxcrypto.com>
References: <20221126162648.150678-1-maximilian.fillinger@foxcrypto.com>
Subject: [Openvpn-devel] [PATCH 2/2] Fix message for too long tls-crypt-v2 metadata
X-BeenThere: openvpn-devel@lists.sourceforge.net

The current code only checks if the base64-encoded metadata is at most 980 characters. However, that can encode up to 735 bytes of data, while only up to 733 bytes are allowed. When passing 734 or 735 bytes, openvpn prints a misleading error message saying that the base64 cannot be decoded. This patch checks the decoded length to show an accurate error message.

Signed-off-by: Max Fillinger
Acked-By: Arne Schwabe
--- src/openvpn/base64.h | 4 ++++ src/openvpn/tls_crypt.c | 18 +++++++++++------- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/src/openvpn/base64.h b/src/openvpn/base64.h index f49860fc..7b4224a5 100644 --- a/src/openvpn/base64.h +++ b/src/openvpn/base64.h @@ -38,6 +38,10 @@ #define OPENVPN_BASE64_LENGTH(binary_length) \ ((((8 * binary_length) / 6) + 3) & ~3) +/** Compute the maximal number of bytes encoded in a base64 string. */ +#define OPENVPN_BASE64_DECODED_LENGTH(base64_length) \ + ((base64_length / 4) * 3) + int openvpn_base64_encode(const void *data, int size, char **str); int openvpn_base64_decode(const char *str, void *data, int size); diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 2fc79111..5d247b84 100644 --- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c @@ -627,15 +627,11 @@ tls_crypt_v2_write_client_key_file(const char *filename, } ASSERT(buf_write(&dst, client_key.keys, sizeof(client_key.keys))); - struct buffer metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN, &gc); + struct buffer metadata; if (b64_metadata) { - if (TLS_CRYPT_V2_MAX_B64_METADATA_LEN < strlen(b64_metadata)) - { - msg(M_FATAL, - "ERROR: metadata too long (%d bytes, max %u bytes)", - (int)strlen(b64_metadata), TLS_CRYPT_V2_MAX_B64_METADATA_LEN); - } + size_t b64_length = strlen(b64_metadata); + metadata = alloc_buf_gc(OPENVPN_BASE64_DECODED_LENGTH(b64_length) + 1, &gc); ASSERT(buf_write(&metadata, &TLS_CRYPT_METADATA_TYPE_USER, 1)); int decoded_len = openvpn_base64_decode(b64_metadata, BEND(&metadata), BCAP(&metadata)); @@ -644,10 +640,18 @@ tls_crypt_v2_write_client_key_file(const char *filename, msg(M_FATAL, "ERROR: failed to base64 decode provided metadata"); goto cleanup; } + if (decoded_len > TLS_CRYPT_V2_MAX_METADATA_LEN) + { + msg(M_FATAL, + "ERROR: metadata too long (%d bytes, max %u bytes)", + decoded_len, TLS_CRYPT_V2_MAX_METADATA_LEN - 1); + goto cleanup; + } ASSERT(buf_inc_len(&metadata, decoded_len)); } else { + metadata = alloc_buf_gc(1 + sizeof(int64_t), &gc); int64_t timestamp = htonll((uint64_t)now); ASSERT(buf_write(&metadata, &TLS_CRYPT_METADATA_TYPE_TIMESTAMP, 1)); ASSERT(buf_write(&metadata, ×tamp, sizeof(timestamp)));
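Review bot: the macro argument in the base64.h hunk is not parenthesised, so `OPENVPN_BASE64_DECODED_LENGTH(a + b)` expands to `((a + b / 4) * 3)` and silently misorders the division; the one caller in tls_crypt.c passes a plain variable, so it works today, but `(((base64_length) / 4) * 3)` costs nothing, and the existing OPENVPN_BASE64_LENGTH above it has the same weakness and could be fixed in passing. The doc comment's "maximal number of bytes" also only holds for padded input whose length is a multiple of 4: if openvpn_base64_decode accepts unpadded strings, a length of 4k+2 or 4k+3 decodes to 3k+1 or 3k+2 bytes, the buffer sized from this macro is one or two bytes short, and the decode fails with the very "failed to base64 decode" message this patch sets out to avoid.

Review bot: in the first tls_crypt.c hunk, deleting the TLS_CRYPT_V2_MAX_B64_METADATA_LEN comparison means alloc_buf_gc and the full decode now run before any size limit is applied, so the allocation grows with whatever string was given on the command line. That is harmless for a local genkey run, but the old comparison is still a correct coarse filter (anything longer than TLS_CRYPT_V2_MAX_B64_METADATA_LEN can never decode to an allowed size), so keeping it in front of the allocation and letting the new decoded-length check handle the two byte counts that share the 980-character encoding would give both the cheap rejection and the accurate message. If TLS_CRYPT_V2_MAX_B64_METADATA_LEN is not referenced anywhere else after this change, its definition should be removed as well. Leaving `struct buffer metadata;` uninitialised is acceptable since both branches assign it; a comment saying so would stop the next reader from wondering.

Review bot: the bound in the second tls_crypt.c hunk looks off by one against its own error message. `if (decoded_len > TLS_CRYPT_V2_MAX_METADATA_LEN)` accepts decoded_len == TLS_CRYPT_V2_MAX_METADATA_LEN, yet the message reports the maximum as `TLS_CRYPT_V2_MAX_METADATA_LEN - 1`, and the removed `alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN, &gc)` sized the whole buffer, type byte included, at that constant, which matches the commit message's 733 allowed bytes only if the constant is 734. As written, 734 bytes of user metadata plus the type byte still pass the check; `decoded_len > TLS_CRYPT_V2_MAX_METADATA_LEN - 1` matches both the message and the stated limit. The else branch's new `alloc_buf_gc(1 + sizeof(int64_t), &gc)` is exactly right for the type byte plus the timestamp. The `×tamp` in the unchanged context line is `&timestamp` garbled by an HTML entity in the archive, not part of the change.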
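The length arithmetic the commit message describes, worked through in C as an added example that is not part of the patch: the two macros are copied from the base64.h hunk, while MAX_USER_METADATA_LEN and MAX_B64_METADATA_LEN are constructed stand-ins for the 733-byte and 980-character limits the message names (the patch's own TLS_CRYPT_V2_MAX_METADATA_LEN and TLS_CRYPT_V2_MAX_B64_METADATA_LEN are not defined on the page).

```c
/* Length macros as they appear in the patch (src/openvpn/base64.h). */
#define OPENVPN_BASE64_LENGTH(binary_length) \
    ((((8 * binary_length) / 6) + 3) & ~3)
#define OPENVPN_BASE64_DECODED_LENGTH(base64_length) \
    ((base64_length / 4) * 3)

/* Constructed limits from the commit message: 733 bytes of user metadata are
 * allowed; the old check compared against OPENVPN_BASE64_LENGTH(733) == 980. */
#define MAX_USER_METADATA_LEN 733
#define MAX_B64_METADATA_LEN OPENVPN_BASE64_LENGTH(MAX_USER_METADATA_LEN)

/* Pre-patch check: looks only at the encoded length. */
static int old_check_accepts(int binary_len)
{
    return OPENVPN_BASE64_LENGTH(binary_len) <= MAX_B64_METADATA_LEN;
}

/* Post-patch check: looks at the number of decoded bytes. */
static int new_check_accepts(int decoded_len)
{
    return decoded_len <= MAX_USER_METADATA_LEN;
}

/* Payload sizes the old check lets through but the new one rejects. A base64
 * length is a multiple of 4, so 733, 734 and 735 bytes all encode to 980
 * characters and the old check cannot tell them apart. */
static int count_misclassified(void)
{
    int count = 0;
    for (int n = 0; n <= 2 * MAX_USER_METADATA_LEN; n++) {
        if (old_check_accepts(n) && !new_check_accepts(n)) {
            count++;
        }
    }
    return count;
}

/* The patch sizes the decode buffer from the base64 length. Returns 1 if that
 * bound covers every payload size up to max_len (the slack is at most 2 bytes). */
static int decode_bound_suffices(int max_len)
{
    for (int n = 0; n <= max_len; n++) {
        if (OPENVPN_BASE64_DECODED_LENGTH(OPENVPN_BASE64_LENGTH(n)) < n) {
            return 0;
        }
    }
    return 1;
}
```

count_misclassified() returns 2, the 734- and 735-byte cases the commit message singles out; decode_bound_suffices() confirms that sizing the buffer from the base64 length never under-allocates for padded input.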