From patchwork Thu Feb 9 15:36:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 3066 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp540890dyk; Thu, 9 Feb 2023 07:37:46 -0800 (PST) X-Google-Smtp-Source: AK7set+QGx0Gmf3fy2rsUg35lzOAF8pX8xR5ydUpuME7NYTpBpMWeY8Y5IaytivO/ulPKlFgpW8b X-Received: by 2002:a17:903:22c8:b0:199:12d5:5b83 with SMTP id y8-20020a17090322c800b0019912d55b83mr12238762plg.16.1675957066526; Thu, 09 Feb 2023 07:37:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675957066; cv=none; d=google.com; s=arc-20160816; b=XMBw3ug8YRxPHRC+yWMRCyGDpMHpK9WZOnofOGyI8jqT+YGbmli+uuXIB1AQTM1uGT BKXYFG3k7mMuS4XtCV7djyW/gNudv6QEZcAsmF4qe+GU/1KNkLLyMfRDe2uVX6EGVVkF B7NWSS4cX3SpvR4LNZBGxk2/LH/TgZmdKsFdf+NRC8QMXqnwCC7O62E4lg/ZgdU0XoMK dt08AMnPNaVuT9PIO3L7twvx0yvS5lQ/QEp0/VZSksTv5vccdOQGMIT2r/WCHoA2QTF1 DR0U+/CFOSksqwmlbrRq3rrEVHLpI9B2gn0X6SQs2tAC4mW7oGCSD3WzI7L2iLSFxFfi 1rFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature; bh=QTEVKr2n9V/gQTRjlr1t4onEPE5z3nYKvyNeXinIznk=; b=TGN1/theAhCbL71PKQWIOCAVnw4Ht5KlWtWIALbbmgsGlyBiZgQo3c0HI8rT4pnvtw u8vsbKTjwJyrzL5OMEdps4YSzJORosqi+ccD9fo3wwicgwqFNhYoVz0bvZTeVQTxoJhC 5fF3CAivqJicCxtHOVIMfN4xiqj+VA4zl9709Liw4zfiiV9dweMYsjmRdO8tJzX//+QS m5303AexJvaSMxbdOCDfVo9P6XdtS6+XkMCTpqHIMg2aiBiAWbzvYIEE5biq25i8FZci Md7XAvlB+hChBv5NZ188XeCDR1tQ+fOtw/TkWIOpqKJeypx68irH7iNZfCQCQ3bYKosb MqKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=EIIj9Z4z; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=jwHBC3e3; dkim=neutral (body hash did not verify) header.i=@true.cz header.s=xnet header.b=fFjiEdUt; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id q9-20020a170902dac900b00199204c94c0si2134796plx.571.2023.02.09.07.37.46 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 09 Feb 2023 07:37:46 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=EIIj9Z4z; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=jwHBC3e3; dkim=neutral (body hash did not verify) header.i=@true.cz header.s=xnet header.b=fFjiEdUt; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pQ8z7-0006EW-Sj; Thu, 09 Feb 2023 15:37:17 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pQ8z6-0006EJ-No for openvpn-devel@lists.sourceforge.net; Thu, 09 Feb 2023 15:37:15 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version :Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=BLGXdQVag10i0GqO2cB6nY9fd1yygIRUXtPaQ0cayk4=; b=EIIj9Z4zS2ylJmWzNkplTl3XuD sUubpvBPDBGdo+oQBepmtSze+TmSEtOHzm2O43gKD6eu+iCngN/yPL+1tUa6853EKLNAUFPR2467E k0FLFNmuCKYgcxwRm58eXPfnOXo5w+SU0eggQ/CtRuOVIU4YE6rVlaY7HQhKjTnL97oA=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-Id:Date: Subject:Cc:To:From:Sender:Reply-To:Content-ID:Content-Description:Resent-Date :Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=BLGXdQVag10i0GqO2cB6nY9fd1yygIRUXtPaQ0cayk4=; b=j wHBC3e3RYb+qDAM+HUZrARIxELxXqcJT6aAqGx65OlfHMtoR6UYHoll6nEgMcvUsUJ9R+kqa8bf2L 5FWER9L3uBwB8FTKbtxiN/D+ueJzNAxlL5WI4U3xv/TuXmOUIE4tQCo6U7Og3js9LBCl/xSJ9VOv1 A0Bx0uOzRQOBOlBc=; Received: from smtp-out.xnet.cz ([178.217.244.18]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1pQ8yy-00057K-Il for openvpn-devel@lists.sourceforge.net; Thu, 09 Feb 2023 15:37:15 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id BB96018185; Thu, 9 Feb 2023 16:37:02 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=true.cz; s=xnet; t=1675957022; bh=0txWNG4rX95EMwv1UWWBI7rfOTgQPhmHjT3vMoSZJZc=; h=From:To:Cc:Subject:Date; b=fFjiEdUtu7DzWg6iRHyrcnE40c11k1SKNJAzVaTUbYHpH7BWLxvk8UqYZFMi6HBTL BUokI/RnbNGl922VK/X6sbk1Qi8m5fH45nChA2ACgQ/MO4sDQ/YhhCHxLq3FsGlk/g RwDUZ2C4N1eME4Z6Nj50AgUdA3sexIVc0blkn4AU= Received: by meh.true.cz (OpenSMTPD) with ESMTP id 9d778eaa; Thu, 9 Feb 2023 16:36:35 +0100 (CET) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openvpn-devel@lists.sourceforge.net Date: Thu, 9 Feb 2023 16:36:58 +0100 Message-Id: <20230209153658.24001-1-ynezz@true.cz> MIME-Version: 1.0 X-Spam-Score: 0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Server can crash on systems using musl libc when client with comma in commonName tries to connect: ifconfig_pool_read(), in='VPN Client, abc, 192.168.1.2, ' RESOLVE: Cannot parse IP address: abc: (Name does not resolve) Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: true.cz] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid X-Headers-End: 1pQ8yy-00057K-Il Subject: [Openvpn-devel] [PATCH] get_addr_generic: fix server crash in freeaddrinfo on musl libc X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1757368356975087268?= X-GMAIL-MSGID: =?utf-8?q?1757368356975087268?= Server can crash on systems using musl libc when client with comma in commonName tries to connect: ifconfig_pool_read(), in='VPN Client, abc,192.168.1.2,' RESOLVE: Cannot parse IP address: abc: (Name does not resolve) as this leads to NULL pointer dereference in freeaddrinfo(): Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7fbf81a in freeaddrinfo (p=0x0) at src/network/freeaddrinfo.c:10 (gdb) bt #0 0x00007ffff7fbf81a in freeaddrinfo (p=0x0) at src/network/freeaddrinfo.c:10 #1 0x00000000004389ec in get_addr_generic (af=af@entry=2, flags=flags@entry=4, hostname=hostname@entry=0x7ffff7ee2988 " abc", network=network@entry=0x7fffffffcb7c, netbits=netbits@entry=0x0, resolve_retry_seconds=resolve_retry_seconds@entry=0, signal_received=0x0, msglevel=64) at openvpn-2.5.7/src/openvpn/socket.c:186 #2 0x0000000000438a2d in getaddr (flags=flags@entry=4, hostname=hostname@entry=0x7ffff7ee2988 " abc", resolve_retry_seconds=resolve_retry_seconds@entry=0, succeeded=succeeded@entry=0x7fffffffcba7, signal_received=signal_received@entry=0x0) at openvpn-2.5.7/src/openvpn/socket.c:202 #3 0x0000000000430ae5 in ifconfig_pool_read (persist=0x7ffff7ee4510, pool=0x7ffff7edd450) at openvpn-2.5.7/src/openvpn/pool.c:661 So fix it by checking if `struct addrinfo*` pointer is valid before passing it down to freeaddrinfo(). References: https://github.com/openwrt/openwrt/issues/11890 Signed-off-by: Petr Štetiar --- src/openvpn/socket.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index a883ac4a156c..d304554cefda 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -172,7 +172,10 @@ get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname, *sep = '/'; } out: - freeaddrinfo(ai); + if (ai) + { + freeaddrinfo(ai); + } free(var_host); return ret;