| Message ID | 20221215190143.2107896-8-arne@rfc2549.org |
|---|---|
| State | Accepted |
| Headers |
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp632025dyk;
Thu, 15 Dec 2022 11:02:43 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf56h5WKXZSXal0Ge0zPPtNBWAN/1imcXTahILxStjiBAEqtTSTNfIZyVqc5UgyMOnK49u8Q
X-Received: by 2002:a05:6102:4ad:b0:3b5:1c66:8462 with SMTP id
r13-20020a05610204ad00b003b51c668462mr8263318vsa.12.1671130962898;
Thu, 15 Dec 2022 11:02:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1671130962; cv=none;
d=google.com; s=arc-20160816;
b=COofd1OGhhXAmhkZBWpid5yZKZH3GXogL7JuySXR5qp8xl2YmfSDOrvPv1mtHRzJmW
gCjeX8zdo9Tcsy7lYxFCZ7z1x+m3gwWUxYbZK26XxmUTDjVuI5W6y1uTJATxIQbkTD1u
RKFvb7ZGo5JvDUnYH2AdH8dh/Ufg9vxNnKNTmN/vz9LRCcceHFe9Yzr1ge4nycmnsLIT
OG2TS5VmwnDikOaa3IT3chNFtoCvAlYCtYeJ094Wsrcdnhz6uUwU7pPofkpvfNhjRw2E
bw+eZJ3ed9/0NYRnEZUz2YmmE5HsigD8BjYT0fEmIgbP3IH3FH0PVcRJ6apU1ScVWxss
nEMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=errors-to:content-transfer-encoding:list-subscribe:list-help
:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
:mime-version:references:in-reply-to:message-id:date:to:from
:dkim-signature:dkim-signature;
bh=2EOLnSbHcplVkeDPYcx1okOXGyCwEoJr1dvmcl3vxuo=;
b=gzHtmJYMOCeochFfFhG60Dxlet90GnSAIPowau6tX8sHeQXRtJDjKoXjFkkrkvzH7v
kbKtMBwv2OUVVCX7V1YNQtaQXWZOdKoQFfNy/AW6uUWdNoe64RMyxJYAyst/Q/Ic+J/n
Lfm6q0XpfOpeLt2FXCw/NfEPxhfGnL2lMyuiGIZygBykKYgXd3GgCuaibWOymZSomq4Q
vl9R2cFeII+KY0aYx+Wzin6XAe1Aer+cz+0HpIi7FGhgr03nINphYSr6CY34LhF2CYdj
7DCTGwuE50ECB+33hRupSFt0cg0OPGTgBVSWjkpf+JHMl6QcLk9TYl94EUMABHGsnVm6
JbfQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=LePoKAHc;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=gTdvjGfB;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
i40-20020a0561023d2800b003b089fe31d4si2087774vsv.607.2022.12.15.11.02.42
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Thu, 15 Dec 2022 11:02:42 -0800 (PST)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=LePoKAHc;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=gTdvjGfB;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1p5tUS-0001ww-IQ;
Thu, 15 Dec 2022 19:01:56 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <arne@kamera.blinkt.de>) id 1p5tUP-0001wd-GP
for openvpn-devel@lists.sourceforge.net;
Thu, 15 Dec 2022 19:01:53 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=iG3eXgeYj3d1z2qZgvLRpwa/d2iMZ6vMs99ge3pSG1k=; b=LePoKAHcvywdwyRpMoD/kzCxvF
xT8M/0YFu4D2wVMIHOK9Db+PsnlfGVXAZYYQuAWBLp6XGv8w9dWJ3INpHbrw7CaKj+MCV2Flr2O9j
dzYxk87cx/YBP8psWRPwQf9XLFiU7MANTXbtC2iABemvUpy4W4nxhSlOE4ktbB4hYqws=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id:
Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=iG3eXgeYj3d1z2qZgvLRpwa/d2iMZ6vMs99ge3pSG1k=; b=gTdvjGfBMxqwWRLBb7+LLGk4DJ
j+wYxgar/g6d0OqsWbnRaYKigcq3/6sQ3vIU57vnuzKvSJP14nRLitTGF43hCKO+U2FNOUjmQerER
JkkA/VrUpIvcq9q6u6JgFm4vrHVhJuZt4Rn/rHi/ZYsLwRLsdyi/phypxeT/0TxT4dAU=;
Received: from mail.blinkt.de ([192.26.174.232])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
id 1p5tUN-0001Gl-IZ for openvpn-devel@lists.sourceforge.net;
Thu, 15 Dec 2022 19:01:53 +0000
Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c])
by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD))
(envelope-from <arne@kamera.blinkt.de>) id 1p5tUF-000KwF-E0
for openvpn-devel@lists.sourceforge.net;
Thu, 15 Dec 2022 20:01:43 +0100
Received: (nullmailer pid 2107961 invoked by uid 10006);
Thu, 15 Dec 2022 19:01:43 -0000
From: Arne Schwabe <arne@rfc2549.org>
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 15 Dec 2022 20:01:42 +0100
Message-Id: <20221215190143.2107896-8-arne@rfc2549.org>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20221215190143.2107896-1-arne@rfc2549.org>
References: <20221215190143.2107896-1-arne@rfc2549.org>
MIME-Version: 1.0
X-Spam-Score: 0.3 (/)
X-Spam-Report: Spam detection software,
running on the system "util-spamd-2.v13.lw.sourceforge.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Reported-By: Trail of Bits Signed-off-by: Arne Schwabe
<arne@rfc2549.org> --- src/openvpn/misc.c | 1 + 1 file changed,
1 insertion(+) diff --git a/src/openvpn/misc.c
b/src/openvpn/misc.c index d78106cdc..551606e0e 100644 ---
a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -258, 6 +258,
7 @@ get_user_pass_cr(struct user_pass *up, msg( [...]
Content analysis details: (0.3 points, 6.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
0.0 SPF_NONE SPF: sender does not publish an SPF Record
X-Headers-End: 1p5tUN-0001Gl-IZ
Subject: [Openvpn-devel] [PATCH 7/8] Fix corner case that might lead to
leaked file descriptor
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1752307820148811268?=
X-GMAIL-MSGID: =?utf-8?q?1752307820148811268?=
|
| Series |
Improvement/fixes based on Trail of Bits audit
|
|
Commit Message
Arne Schwabe
Dec. 15, 2022, 7:01 p.m. UTC
Reported-By: Trail of Bits
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
src/openvpn/misc.c | 1 +
1 file changed, 1 insertion(+)
Comments
Acked-by: Gert Doering <gert@greenie.muc.de> stare-at-code confirms that this is a simple-enough fix. One could argue for moving the fclose(fp) up before the tangled if/else/... construct, but this one will do and is easy enough to review "it will not change anything except in case of error". Your patch has been applied to the master, release/2.6 and release/2.5 branch. commit a034dc8153522713c3cfda90b2cda114cea70e2d (master) commit 03f990b4df00bfb2cb9aa93155420efa935011b5 (release/2.6) commit 1ec71f4568e13f2876e6ec15f1efda530693d2e9 (release/2.5) Author: Arne Schwabe Date: Thu Dec 15 20:01:42 2022 +0100 Fix corner case that might lead to leaked file descriptor Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20221215190143.2107896-8-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25730.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index d78106cdc..551606e0e 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -258,6 +258,7 @@ get_user_pass_cr(struct user_pass *up, msg(D_LOW, "No password found in %s authfile '%s'. Querying the management interface", prefix, auth_file); if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) { + fclose(fp); return false; } }