From patchwork Wed Sep 24 12:18:55 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gert Doering <gert@greenie.muc.de>
X-Patchwork-Id: 4445
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:c08a:b0:72f:f16c:e055 with SMTP id
 jr10csp1501670mab;
        Wed, 24 Sep 2025 05:19:22 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXeqhQfA7/YKV8+Zg1Y/SrRKBJIiT3nMYiT2691suRYy5UlVZo6NhkDCFiDDOL0lMCYwhz+/uySMgk=@openvpn.net
X-Google-Smtp-Source: 
 AGHT+IGOkcktG+EPQTB5FyrVemrPmzqkdKVyjF6KJ7MlVVndANoqorG8MMpV9eCqmlnI1IplW73j
X-Received: by 2002:a05:6820:61b:b0:62f:4868:ef45 with SMTP id
 006d021491bc7-6331dea95dbmr3676388eaf.7.1758716362280;
        Wed, 24 Sep 2025 05:19:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1758716362; cv=none;
        d=google.com; s=arc-20240605;
        b=ByLHfHlFvuVOQMz8vvhPYNi6eL56itkGaw3MsrJLDytvX77b9VIEJrcV9WaFGSG19Y
         cvWOF88bs8bBCfF9MJyYdaFH00MvvDtDjAVMq0xesSUbhTnbUdOh5c5GyfbcR2hpkM/2
         LPocTryMce3cYSRN0YSngoVcc8L7zEXPDNxo1V/z+S9+2F8fYtvYBDy2SNz2RPxgiACe
         gY251mQTZEcaexalCuSMp4mkPUWXR9zDhhmSj72nGsmq1YN1+v1oSZ7rVYDZC4c87Nw9
         pb9rpEQcG3NkDzhY12d4yYFYWziWIKPwU8lUtNAi6wrVkz3TgrfVbolb/+pXvgDBkP23
         LS6g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=errors-to:content-transfer-encoding:list-subscribe:list-help
         :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
         :mime-version:references:in-reply-to:message-id:date:to:from
         :dkim-signature:dkim-signature:dkim-signature;
        bh=aIMMr4mXwnskwL+ZrgitVEdr43+jcPHFwhZ7jdtjMns=;
        fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
        b=GJchdWsoLJAItYZNZjNf2FBmXatuJt+EkpNBS4mEubz07nV8vyQGD4hOMsBJkeLcVl
         TOV7saOycMWkmi+RiIFIBv7CG4wptMkA8paHIStxraChrxBXJxJKG22VfBNLv8m5uFaR
         kWIf3ebFlN/jPaJdo7NblCJhvd3OdYE50kU+11t5moj8yx/oaSqCIfGhYKj59XKjT59F
         qe0+HLjZaiPQu8chONNY+/EpcsZRZV4OEQQDmZCVdaxj/vjIpmkgFaBBMTlkZ8dkSbca
         N2OPRC4PxdMrhz4wTmTcvAMd9hvgexsMa6nCo8/RalAipz67HuFAavVXGNmAWq+0gZFz
         3kyg==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=PHsqtlJZ;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=a2uhc7iC;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=SmUBdNYd;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 006d021491bc7-636b5142dbfsi583469eaf.61.2025.09.24.05.19.22
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 24 Sep 2025 05:19:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=PHsqtlJZ;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=a2uhc7iC;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=SmUBdNYd;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
	List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
	Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
	Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=aIMMr4mXwnskwL+ZrgitVEdr43+jcPHFwhZ7jdtjMns=; b=PHsqtlJZksjINxJntGuZv1yQYK
	nCqVkV1IuBRMxrIbotOvdeBcaD3Gs+aiCgk9WiIaiXgswkgPfxTtcZeVyujia6pXQ2InihA2os8fH
	0LYoF8+GyZrSEsS5QYddtT68inwEZU4RDYM9HzOvHBf6BgVp8NpnN/MbaegpvNs9CtpI=;
Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com)
	by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1v1OSs-0002SF-Fr;
	Wed, 24 Sep 2025 12:19:19 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
 by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <gert@blue4.greenie.muc.de>) id 1v1OSq-0002Rp-A3
 for openvpn-devel@lists.sourceforge.net;
 Wed, 24 Sep 2025 12:19:17 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=LLS7OD/ZHmZng3q5s3lsfAbhxk6bO6K+SbsqB7lUsx4=; b=a2uhc7iCdr1gKUSKmB8BAdkvqY
 OIZ9Ad5xkbOB5MNRPP7vbDQM2WTizdVRqsLB0YQxIS8OalaYxaRacIHrZnC3qmenUeAJ6MUJGAzR8
 AK5aTkzhKUwxswzyDCe1h1TstiXe5yYGUsIzxnFDdZJDuVIMGrbulFy6D7ghEmJP5u7w=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=LLS7OD/ZHmZng3q5s3lsfAbhxk6bO6K+SbsqB7lUsx4=; b=SmUBdNYd8Dd9EtO8ObdlviBXv/
 zS58BUSMJ490rVQkYzHZhRStrrqChmjf+YW3sgP10rhL+f1F+XpFL0ZGQAGjHNRWLw1kEukROCblD
 0EOGe/i0QmELouSURcNfJ4jC1wZjmAmL2fC8Xh2QtqL5EQPwQgohOCTLYKukQ9kMXEwM=;
Received: from [193.149.48.134] (helo=blue.greenie.muc.de)
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1v1OSn-0007Qz-MU for openvpn-devel@lists.sourceforge.net;
 Wed, 24 Sep 2025 12:19:14 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
 by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 58OCJ1gq013545
 for <openvpn-devel@lists.sourceforge.net>; Wed, 24 Sep 2025 14:19:01 +0200
Received: (from gert@localhost)
 by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 58OCJ1B2013544
 for openvpn-devel@lists.sourceforge.net; Wed, 24 Sep 2025 14:19:01 +0200
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 24 Sep 2025 14:18:55 +0200
Message-ID: <20250924121901.13532-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.49.1
In-Reply-To: 
 <gerrit.1758637530000.Ic395b6d1dce510bb4b499c5beba61f033a2a860b@gerrit.openvpn.net>
References: 
 <gerrit.1758637530000.Ic395b6d1dce510bb4b499c5beba61f033a2a860b@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software,
 running on the system "sfi-spamd-1.hosts.colo.sdot.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  From: Frank Lichtenheld <frank@lichtenheld.com> Comparing
 the result of read/write to a size_t value is dangerous C. Since ssize_t and
 size_t have the same size ssize_t is promoted to size_t, so -1 becomes size_t
 max value and is not smaller than t [...]
 Content analysis details:   (1.3 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Headers-End: 1v1OSn-0007Qz-MU
Subject: [Openvpn-devel] [PATCH v1] dns: Fix bug in error handling when
 talking to script
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1844147768259228034?=
X-GMAIL-MSGID: =?utf-8?q?1844147768259228034?=

From: Frank Lichtenheld <frank@lichtenheld.com>

Comparing the result of read/write to a size_t value
is dangerous C. Since ssize_t and size_t have the same
size ssize_t is promoted to size_t, so -1 becomes
size_t max value and is not smaller than the expected
length.

Make sure to compare ssize_t to ssize_t to avoid any
suprises.

Change-Id: Ic395b6d1dce510bb4b499c5beba61f033a2a860b
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Heiko Hund <heiko@openvpn.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1208
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1208
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Heiko Hund <heiko@openvpn.net>

diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c
index efb888a..2a9e60b 100644
--- a/src/openvpn/dns.c
+++ b/src/openvpn/dns.c
@@ -642,11 +642,10 @@
 
         while (1)
         {
-            ssize_t rlen, wlen;
             char path[PATH_MAX];
 
             /* Block here until parent sends a path */
-            rlen = read(dns_pipe_fd[0], &path, sizeof(path));
+            ssize_t rlen = read(dns_pipe_fd[0], &path, sizeof(path));
             if (rlen < 1)
             {
                 if (rlen == -1 && errno == EINTR)
@@ -665,8 +664,8 @@
             /* Unblock parent process */
             while (1)
             {
-                wlen = write(ack_pipe_fd[1], &res, sizeof(res));
-                if ((wlen == -1 && errno != EINTR) || wlen < sizeof(res))
+                ssize_t wlen = write(ack_pipe_fd[1], &res, sizeof(res));
+                if ((wlen == -1 && errno != EINTR) || wlen < (ssize_t)sizeof(res))
                 {
                     /* Not much we can do about errors but exit */
                     close(dns_pipe_fd[0]);
@@ -727,7 +726,7 @@
         env_set_write_file(dvf, es);
 
         int wfd = updown_runner->fds[1];
-        size_t dvf_size = strlen(dvf) + 1;
+        ssize_t dvf_size = strlen(dvf) + 1;
         while (1)
         {
             ssize_t len = write(wfd, dvf, dvf_size);
@@ -746,7 +745,7 @@
         while (1)
         {
             ssize_t len = read(rfd, &status, sizeof(status));
-            if (len < sizeof(status))
+            if (len < (ssize_t)sizeof(status))
             {
                 if (len == -1 && errno == EINTR)
                 {