From patchwork Thu Feb 9 17:26:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 3069 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp627154dyk; Thu, 9 Feb 2023 09:27:34 -0800 (PST) X-Google-Smtp-Source: AK7set/MnATnxUa/LIQMHL7wpNPNRG0HSmL6nNmFo6nv5+185/UHqjG0UG19Rc/Adlip/44xTZz3 X-Received: by 2002:aa7:97b1:0:b0:5a8:47e5:bbb5 with SMTP id d17-20020aa797b1000000b005a847e5bbb5mr4997566pfq.0.1675963654217; Thu, 09 Feb 2023 09:27:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675963654; cv=none; d=google.com; s=arc-20160816; b=DL8nrfiMwgmP+V8jeLVWGvdly7qwtYAb3K8qCD0hE1h1Bbetqwz/C4UDoXmrnxIgCk Zpjkt4fNCif7XohrhgqeNPUKoBTSCn1cuE/PLsKcIGoJaJ6e06kJin2MA/3M7HAt4T1D DnNNx1EnUokcCdlaJkRtzp8zYRVtfLzGVKaT06ZtMRTW3iQ21UKxC71DlNvTut61oIJS Fs+gwyfniq+GafRqjcb+zgmRJT1alBvjLhxQRNnZqKJX7jkRoVKlGrQZJjbBlDYuST37 hJc8fTqxjAWySiIdGwlmNoaR8xdJMR4NvxC7U7gydjWakY8kJGpxhwvd7t1M1fz2pW7D SLzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=/nBVpbNwvCvTivGtfcfDC4GSzx67Ti/SZnk1I5Sg2n4=; b=t3EQvMCnGifeaMfN6YggE/oi85EfNUhDe8y4dcIJSY7XQwx7uBE7aUTDPCHuOOOQaN u/SpIiPMdo7HeRTfCYvTSzDc3aN+uGI88/bWw/o2m3Zmjo3ojRcqHzGy1KZBdJf8It4o 4VsjzevJdgszf72opmWD8KV3NAtBpiOcJsY4QrqToFKUGmkJRuaFc7exGngn6U6pzNzD tV/aHbPrs5G6MfHYnePVNyWic+F/9SM/nKRbP7kAz5+83/FVjSnzop6YI4uR5yA0kbJ/ 44H2nh4dq5ilv8JhrI7k19j3mDBxd7ewY1h/Ul4OIOlQ9GpCKn/FGK89RLpdwNU5K8KE wCQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=V8cTffO3; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=dLe2+0uO; dkim=neutral (body hash did not verify) header.i=@true.cz header.s=xnet header.b=E7eT68Jw; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id h128-20020a625386000000b0058e0b9c90casi505931pfb.236.2023.02.09.09.27.33 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 09 Feb 2023 09:27:34 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=V8cTffO3; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=dLe2+0uO; dkim=neutral (body hash did not verify) header.i=@true.cz header.s=xnet header.b=E7eT68Jw; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pQAhV-0002q2-V1; Thu, 09 Feb 2023 17:27:13 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pQAhO-0002pu-B7 for openvpn-devel@lists.sourceforge.net; Thu, 09 Feb 2023 17:27:05 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version :References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=iyzvTzyPRYwuD7piq8RZEkNcecmyhlA1OeLidKqSWg8=; b=V8cTffO3TiKGttVvkI3oBqDHOP vaop6dbvE9rQ2TP5I8oJe9vIu64gNMF00Gke88hEYMPTzBzuAfS0nHLMiKTLWSJ4h+sOZt9QLXf1a +/fwZEm3SWrfNMeC6FIDmAvWHBrtgD87VnZk0oZZu+TPKW7YQq/57RDrJGxf2f7s7VyY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=iyzvTzyPRYwuD7piq8RZEkNcecmyhlA1OeLidKqSWg8=; b=dLe2+0uOLkwY8/HLzWcoiowRy1 MOzV5ihPwZNE48nIlhDuWkUhQL5jZUqt/6qPdVBIfsAGi//ShiQ6ZRJLwlLc0c72kylddfaMy9ThU nSnxhLxXprfCfWF7msfhR7aG0vCTqZ4Di4+mBo5PKy/2CrWXSkUOhDSbaqkt8v7fuGBI=; Received: from smtp-out.xnet.cz ([178.217.244.18]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1pQAhI-0000ex-Gj for openvpn-devel@lists.sourceforge.net; Thu, 09 Feb 2023 17:27:02 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id 5887E1834D; Thu, 9 Feb 2023 18:26:54 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=true.cz; s=xnet; t=1675963614; bh=9e7a9mQEmdyOHa+hpVounH8QNG+4Xzu1QOMxKAVLHuY=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=E7eT68JwyAE6l/7MzNwSNOYx8bGJ2g9XxlFn9n2uaseNMerAvaVWxddIGfS2h0sWY ttTmUD1jveG1aL52xjqzjNClqbMStNMMOeoQ6RAQ9JPhSdZQ6IvQ6kDyX76YYNFBFd WyeV9jbDaZG7MqgzsLuVTriUU+xdU6fzzkqtf69U= Received: by meh.true.cz (OpenSMTPD) with ESMTP id dd4c088a; Thu, 9 Feb 2023 18:26:27 +0100 (CET) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openvpn-devel@lists.sourceforge.net Date: Thu, 9 Feb 2023 18:26:51 +0100 Message-Id: <20230209172651.6237-1-ynezz@true.cz> In-Reply-To: <20230209153658.24001-1-ynezz@true.cz> References: MIME-Version: 1.0 X-Spam-Score: 0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Server can crash on systems using musl libc when client with comma in commonName tries to connect: ifconfig_pool_read(), in='VPN Client, abc, 192.168.1.2, ' RESOLVE: Cannot parse IP address: abc: (Name does not resolve) Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: true.cz] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid X-Headers-End: 1pQAhI-0000ex-Gj Subject: [Openvpn-devel] [PATCH v2] Fix server crash in freeaddrinfo on musl libc X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1757375264852356895?= X-GMAIL-MSGID: =?utf-8?q?1757375264852356895?= Server can crash on systems using musl libc when client with comma in commonName tries to connect: ifconfig_pool_read(), in='VPN Client, abc,192.168.1.2,' RESOLVE: Cannot parse IP address: abc: (Name does not resolve) as this leads to NULL pointer dereference in freeaddrinfo(): Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7fbf81a in freeaddrinfo (p=0x0) at src/network/freeaddrinfo.c:10 (gdb) bt #0 0x00007ffff7fbf81a in freeaddrinfo (p=0x0) at src/network/freeaddrinfo.c:10 #1 0x00000000004389ec in get_addr_generic (af=af@entry=2, flags=flags@entry=4, hostname=hostname@entry=0x7ffff7ee2988 " abc", network=network@entry=0x7fffffffcb7c, netbits=netbits@entry=0x0, resolve_retry_seconds=resolve_retry_seconds@entry=0, signal_received=0x0, msglevel=64) at openvpn-2.5.7/src/openvpn/socket.c:186 #2 0x0000000000438a2d in getaddr (flags=flags@entry=4, hostname=hostname@entry=0x7ffff7ee2988 " abc", resolve_retry_seconds=resolve_retry_seconds@entry=0, succeeded=succeeded@entry=0x7fffffffcba7, signal_received=signal_received@entry=0x0) at openvpn-2.5.7/src/openvpn/socket.c:202 #3 0x0000000000430ae5 in ifconfig_pool_read (persist=0x7ffff7ee4510, pool=0x7ffff7edd450) at openvpn-2.5.7/src/openvpn/pool.c:661 So fix it by checking if `struct addrinfo*` pointer is valid before passing it down to freeaddrinfo() and while at it add there a warning comment as well. References: https://github.com/openwrt/openwrt/issues/11890 Signed-off-by: Petr Štetiar --- src/openvpn/buffer.h | 6 +++++- src/openvpn/dns.c | 7 ++++++- src/openvpn/ps.c | 7 ++++++- src/openvpn/socket.c | 8 +++++++- 4 files changed, 24 insertions(+), 4 deletions(-) Changes in v2: * handle freeaddrinfo in all places and add warning comment (Arne) diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h index 2461a20703aa..0f10bf00399e 100644 --- a/src/openvpn/buffer.h +++ b/src/openvpn/buffer.h @@ -214,7 +214,11 @@ bool buf_init_debug(struct buffer *buf, int offset, const char *file, int line); static inline void gc_freeaddrinfo_callback(void *addr) { - freeaddrinfo((struct addrinfo *) addr); + /* WARNING: musl libc needs valid pointer */ + if (addr) + { + freeaddrinfo((struct addrinfo *) addr); + } } /** Return an empty struct buffer */ diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index 9f2a7d5ecaf8..05b87e983272 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -130,7 +130,12 @@ dns_server_addr_parse(struct dns_server *server, const char *addr) server->port6 = port; } - freeaddrinfo(ai); + /* WARNING: musl libc needs valid pointer */ + if (ai) + { + freeaddrinfo(ai); + } + return true; } diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index 3609630af779..59f535bf2494 100644 --- a/src/openvpn/ps.c +++ b/src/openvpn/ps.c @@ -841,7 +841,12 @@ port_share_open(const char *host, host, port, 0, NULL, AF_INET, &ai); ASSERT(status==0); hostaddr = *((struct sockaddr_in *) ai->ai_addr); - freeaddrinfo(ai); + + /* WARNING: musl libc needs valid pointer */ + if (ai) + { + freeaddrinfo(ai); + } /* * Make a socket for foreground and background processes diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index a883ac4a156c..9f6442698ed1 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -172,7 +172,11 @@ get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname, *sep = '/'; } out: - freeaddrinfo(ai); + /* WARNING: musl libc needs valid pointer */ + if (ai) + { + freeaddrinfo(ai); + } free(var_host); return ret; @@ -1347,10 +1351,12 @@ socket_listen_accept(socket_descriptor_t sd, { msg(M_ERR, "TCP: close socket failed (new_sd)"); } + /* WARNING: musl libc needs valid pointer */ freeaddrinfo(ai); } else { + /* WARNING: musl libc needs valid pointer */ if (ai) { freeaddrinfo(ai);