From patchwork Wed Nov 8 12:49:45 2023
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 3418
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 8 Nov 2023 13:49:45 +0100
Message-ID: <20231108124947.76816-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH 1/3] Remove saving initial frame code

From: Arne Schwabe

This code was necessary before the frame/buffer refactoring as we always did relative adjustment to the frame.

This also fixes that previously initial_frame was initialised too early, before the fragment related options were initialised, and contained 0 for the maximum frame size. This resulted in a DIV by 0 that caused an abort on platforms that throw an exception for that.

CVE: 2023-46849

Only people with --fragment in their config are affected

Change-Id: Icc612bab5700879606290639e1b8773f61ec670d
Signed-off-by: Arne Schwabe
--- src/openvpn/forward.c | 9 --------- src/openvpn/init.c | 19 ++++++++----------- src/openvpn/openvpn.h | 3 --- 3 files changed, 8 insertions(+), 23 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 2510410f9..0443ca0a0 100644 --- a/src/openvpn/forward.c 
+++ b/src/openvpn/forward.c @@ -1078,15 +1078,6 @@ process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, boo if (tls_pre_decrypt(c->c2.tls_multi, &c->c2.from, &c->c2.buf, &co, floated, &ad_start)) { - /* Restore pre-NCP frame parameters */ - if (is_hard_reset_method2(opcode)) - { - c->c2.frame = c->c2.frame_initial; -#ifdef ENABLE_FRAGMENT - c->c2.frame_fragment = c->c2.frame_fragment_initial; -#endif - } - interval_action(&c->c2.tmp_int); /* reset packet received timer if TLS packet */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 019f5a4f6..8c707a463 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -3537,15 +3537,6 @@ do_init_frame(struct context *c) */ frame_finalize_options(c, NULL); -#ifdef ENABLE_FRAGMENT - /* - * Set frame parameter for fragment code. This is necessary because - * the fragmentation code deals with payloads which have already been - * passed through the compression code. - */ - c->c2.frame_fragment = c->c2.frame; - c->c2.frame_fragment_initial = c->c2.frame_fragment; -#endif #if defined(ENABLE_FRAGMENT) /* @@ -3736,6 +3727,14 @@ static void do_init_fragment(struct context *c) { ASSERT(c->options.ce.fragment); + + /* + * Set frame parameter for fragment code. This is necessary because + * the fragmentation code deals with payloads which have already been + * passed through the compression code. + */ + c->c2.frame_fragment = c->c2.frame; + frame_calculate_dynamic(&c->c2.frame_fragment, &c->c1.ks.key_type, &c->options, get_link_socket_info(c)); fragment_frame_init(c->c2.fragment, &c->c2.frame_fragment); @@ -4640,8 +4639,6 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f c->c2.did_open_tun = do_open_tun(c, &error_flags); } - c->c2.frame_initial = c->c2.frame; - /* print MTU info */ do_print_data_channel_mtu_parms(c); diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 077effeb9..5b2be63f9 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h 
@@ -249,14 +249,11 @@ struct context_2 /* MTU frame parameters */ struct frame frame; /* Active frame parameters */ - struct frame frame_initial; /* Restored on new session */ #ifdef ENABLE_FRAGMENT /* Object to handle advanced MTU negotiation and datagram fragmentation */ struct fragment_master *fragment; struct frame frame_fragment; - struct frame frame_fragment_initial; - struct frame frame_fragment_omit; #endif /*
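Review bot: In process_incoming_link_part1 (src/openvpn/forward.c), dropping the is_hard_reset_method2(opcode) block leaves nothing at this spot that explains how c->c2.frame and c->c2.frame_fragment return to valid values when a peer starts a new session after negotiation has changed them. The commit message only says the restore was needed while adjustments were relative. Please name, in the commit message or in a short comment where the block was, the code path that now recomputes the frame from scratch, so a later reader can confirm a hard reset cannot leave sizes from the previous session in place.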
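Review bot: In do_init_fragment (src/openvpn/init.c), the added copy "c->c2.frame_fragment = c->c2.frame;" is now order-sensitive, but the comment moved along with it still gives only the compression reason. The commit message says the earlier setup ran before the fragment related options were initialised, held 0 for the maximum frame size and ended in a DIV by 0. Extend the comment with one sentence stating that the copy has to stay here, after fragment option setup and directly before frame_calculate_dynamic(), and consider a check next to the existing ASSERT(c->options.ce.fragment) that the computed maximum frame size is non-zero before fragment_frame_init() is called, since the division itself is not visible in this patch.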
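Review bot: The struct context_2 hunk in src/openvpn/openvpn.h also deletes frame_fragment_omit, which the subject and commit message do not mention and which no other hunk in this patch reads or writes. If the member was already unused, say so in the commit message or move the removal to its own cleanup patch, so that a change carrying a CVE reference contains only what the fix needs. The removals of frame_initial and frame_fragment_initial match the forward.c and init.c hunks and look complete within the lines shown.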