From patchwork Wed Mar 1 13:44:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 3100 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:2310:b0:9f:bfa4:120f with SMTP id r16csp2676631dye; Wed, 1 Mar 2023 05:45:32 -0800 (PST) X-Google-Smtp-Source: AK7set+iSQppT0prrL/YCnlEAWYFwR/X3SxaBztwnaQ3KXZlKZR8fUie4uaa7nIgoWOGJDsd6RJ6 X-Received: by 2002:a17:903:11d2:b0:19a:b32e:cbb with SMTP id q18-20020a17090311d200b0019ab32e0cbbmr7420201plh.11.1677678332389; Wed, 01 Mar 2023 05:45:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1677678332; cv=none; d=google.com; s=arc-20160816; b=oY+zAHIFPncOwKi4Vr+6h2A04kqlHW56mjICjUO0w94yg8DLnnIdAuQntCnPYX4kS2 5dCnGls05bXnd6HUu4L09sbRw4JS7VwLmd6UggTHtNbC84DpggaiaWoomZBkfYc2hwE7 ByCyS1TlHsgRyzDRUufhZPywMnlKK1rGpWqMOstKRQt+PnU0dPdmxomxNqRHBgs8I6bY qqpN0h0j/ljaf53sMQO74WcwrzQVYRu6ZyUzkAw6YJadTDaz8IZky0q/S53lpGruflFX HwvrCzbFxWcWDvRP1g6ecmH6Oc1eBfuYCHa8BeXkdvnurMYZ46CgBLl8DOVXjeSp8sot FoOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature; bh=a9fJ0Jj2Tl8ScRixxRK3HMZ1EvT6UMD7anfN9aWaoCs=; b=OutY9BZ32o2/SMRxN+t7kXxqJRoYzdtD440Uy1ChJA58Pf0I/TFVrDDSyQexVtLROc p02y67UhMlAP5VomNye/0Df8plVo5HhSUXyRu0YsycGrFFuZ8lUUGv8QnWfZJPGXHTwD NzSZFdBpdPVR8TJU1USHo7QC3adFzTEGrL5S9cLLPs3cCIRSAjXwVzB2vo7x3IDYf8Fc agoKuKCSOnMlJCoXWPkdbmF8BmC7c1QBUMZTb7BlR22GiYBkRKpxQZHFewfzzP54D+1s bE2lU/T+OsZ3SycMjYDAbLLmZnYH/IUXQDolZB8htHKGUGCts1cP8F4ygRZPuSYVHocm PlVQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=l2+M+hi8; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=hGy61qLE; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id b12-20020a170902d50c00b0019b0e2473e2si14172664plg.416.2023.03.01.05.45.32 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Mar 2023 05:45:32 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=l2+M+hi8; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=hGy61qLE; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pXMlh-0002lv-8i; Wed, 01 Mar 2023 13:45:16 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pXMlf-0002lk-9G for openvpn-devel@lists.sourceforge.net; Wed, 01 Mar 2023 13:45:14 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=WJG301w2wOtsI98xAVPRzIZqi8RB5Ll/2tl3c3uxZ44=; b=l2+M+hi8Unxw1lJUtFJtG8SDqR keW0w5Eoyc4SAoQqsT4NjfkSZSRmBG5CRJw41p6i/m3TvwhH7XJwdBFNq/WSSvKYwactf2kSvYKKX YJYchqrp6zAwj/PNaJsw96EeXwxuNPkOANe03FbBGAXLd9ZhCmphwLtjr4GfpWYJ99GY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=WJG301w2wOtsI98xAVPRzIZqi8RB5Ll/2tl3c3uxZ44=; b=h Gy61qLEVGhuOSjXVGDg77o8wrK6E01jYAht60C9kMq0CNxnA2+XZJXqdyqhnqXdA/5M8U9V7QTDrh o3mLVcVwBHECan9Cw4I/IMLjacVLIL8dwZF8WnX705GPDCIf+diLygbfSkEpYatMnxz1MKBMe4nf/ +1BIM04qd//6AC/w=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1pXMlZ-00AkyH-7R for openvpn-devel@lists.sourceforge.net; Wed, 01 Mar 2023 13:45:09 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1pXMlL-0003Xs-Ma for openvpn-devel@lists.sourceforge.net; Wed, 01 Mar 2023 14:44:55 +0100 Received: (nullmailer pid 2810160 invoked by uid 10006); Wed, 01 Mar 2023 13:44:55 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Mar 2023 14:44:55 +0100 Message-Id: <20230301134455.2810114-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Spam-Score: 0.3 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Without this, we will caculate a pointer to the linksocket relative to a null pointer in get_link_socket_info, which itself does not crash and the pointer seems not to be accessed later, so we do not [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1pXMlZ-00AkyH-7R Subject: [Openvpn-devel] [PATCH] Only update frame calculation if we have a valid link sockets X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1759173235005860396?= X-GMAIL-MSGID: =?utf-8?q?1759173235005860396?= Without this, we will caculate a pointer to the linksocket relative to a null pointer in get_link_socket_info, which itself does not crash and the pointer seems not to be accessed later, so we do not get a crash here. This is still not the correct behaviour and the undefined behaviour sanitiser from llvm/clang finds this. Change-Id: I82a20ac72f60f8770ea1b4ab0c8cdea31868abe7 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/init.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 622239f6b..e6f14f72d 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -4541,14 +4541,15 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP) { link_socket_init_phase2(c); - } - /* Update dynamic frame calculation as exact transport socket information - * (IP vs IPv6) may be only available after socket phase2 has finished. - * This is only needed for --static or no crypto, NCP will recalculate this - * in tls_session_update_crypto_params (P2MP) */ - frame_calculate_dynamic(&c->c2.frame, &c->c1.ks.key_type, &c->options, - get_link_socket_info(c)); + + /* Update dynamic frame calculation as exact transport socket information + * (IP vs IPv6) may be only available after socket phase2 has finished. + * This is only needed for --static or no crypto, NCP will recalculate this + * in tls_session_update_crypto_params (P2MP) */ + frame_calculate_dynamic(&c->c2.frame, &c->c1.ks.key_type, &c->options, + get_link_socket_info(c)); + } /* * Actually do UID/GID downgrade, and chroot, if requested.