From patchwork Tue May 20 07:33:48 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4261
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 20 May 2025 09:33:48 +0200
Message-ID: <20250520073354.17091-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.49.0
Subject: [Openvpn-devel] [PATCH v3] dns: fix potential NULL pointer dereference

From: Heiko Hund

Fix issue reported by Coverity (CID 1646952):
Dereferencing a pointer that might be NULL dvf when calling
env_set_write_file.

In addition to the fix, inline the write_dns_vars_file() helper function.
Also output a log line in case this error happens, because when it happens
it will hinder communication with the updown runner process, i.e. setting
up / tearing down DNS things will not work as expected.

Change-Id: I275bf939f43577427e14890e7093d63c5213ae5d
Signed-off-by: Heiko Hund
Acked-by: Gert Doering
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1026
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index 9927961..3c703cc 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c
@@ -688,18 +688,6 @@ return true; } -static const char * -write_dns_vars_file(bool up, const struct options *o, const struct tuntap *tt, struct gc_arena *gc) -{ - struct env_set *es = env_set_create(gc); - const char *dvf = platform_create_temp_file(o->tmp_dir, "dvf", gc); - - updown_env_set(up, &o->dns_options, tt, es); - env_set_write_file(dvf, es); - - return dvf; -} - static void run_up_down_command(bool up, struct options *o, const struct tuntap *tt, struct dns_updown_runner_info *updown_runner) { @@ -709,7 +697,7 @@ return; } - int status; + int status = -1; if (!updown_runner->required) { @@ -728,11 +716,19 @@ } struct gc_arena gc = gc_new(); - int rfd = updown_runner->fds[0]; - int wfd = updown_runner->fds[1]; - const char *dvf = write_dns_vars_file(up, o, tt, &gc); - size_t dvf_size = strlen(dvf) + 1; + const char *dvf = platform_create_temp_file(o->tmp_dir, "dvf", &gc); + if (!dvf) + { + msg(M_ERR, "could not create dns vars file"); + goto out_free; + } + struct env_set *es = env_set_create(&gc); + updown_env_set(up, &o->dns_options, tt, es); + env_set_write_file(dvf, es); + + int wfd = updown_runner->fds[1]; + size_t dvf_size = strlen(dvf) + 1; while (1) { ssize_t len = write(wfd, dvf, dvf_size); @@ -747,6 +743,7 @@ break; } + int rfd = updown_runner->fds[0]; while (1) { ssize_t len = read(rfd, &status, sizeof(status)); @@ -761,6 +758,7 @@ break; } +out_free: gc_free(&gc); }
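
Review bot: In the @@ -728 hunk the new `if (!dvf)` branch calls msg(M_ERR, "could not create dns vars file") and then `goto out_free;`, but if M_ERR still expands to (M_FATAL | M_ERRNO) as in OpenVPN's error.h, the msg() call terminates the process and the goto is never reached. The commit message describes this as a log line for a condition after which DNS setup and teardown "will not work as expected", which reads as log-and-continue. If that is the intent, a non-fatal level such as msg(M_WARN | M_ERRNO, ...) fits; if aborting is intended, the goto and the out_free label can go and the commit message should say the error is fatal.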
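
Review bot: The `int status = -1;` initialiser in the @@ -709 hunk is not mentioned in the commit message, and nothing in the visible lines reads status on the new early-exit path: `out_free:` is followed directly by gc_free(&gc) and the end of the function. If it is there to cover a failed or short read() in the second loop, or to quiet a may-be-used-uninitialised warning introduced by the goto, a one-line comment next to the declaration or a sentence in the commit message would make that clear.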