From patchwork Tue Nov  4 09:19:35 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gert Doering <gert@greenie.muc.de>
X-Patchwork-Id: 4567
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:9ac3:b0:72f:f16c:e055 with SMTP id m3csp236528maw;
        Tue, 4 Nov 2025 01:20:04 -0800 (PST)
X-Forwarded-Encrypted: i=2;
 AJvYcCUg9InWv9OK25R2hUHqZKkiF5Yionk9fv35wC4MduOtteAy8UjP8bF8LJI/gKqAXk7QEWXAoPV8oSk=@openvpn.net
X-Google-Smtp-Source: 
 AGHT+IEWVxp/hXXJdwfdnW43IcVv1476OJdVQPiGv1YUNBncwQ3aqO0MFbrXt7fTxcB8itCPPzgR
X-Received: by 2002:a05:6602:2344:b0:918:46b7:4d35 with SMTP id
 ca18e2360f4ac-9485947fe1fmr326777339f.6.1762248004038;
        Tue, 04 Nov 2025 01:20:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1762248004; cv=none;
        d=google.com; s=arc-20240605;
        b=dYfcjXv9H4HXPa4SYulXWW8iOoHYHn1S6lZ6bb/m9SxoUZwQ8lmYU0iZuUD7WBioKs
         N1mCc8E17qv3o2TYgjFUAtgbz731TFf42cgOqVKQ98P2S/n9mpQHxoz0/BLpiLTjPvDL
         kc2XTEqtiVpQtJfFSvtMJvSrQiSVCsVrkMeZVRjeaJ/1svmcrstk4Jkx27ldJXh29dQy
         4MIYDaeUMl3rwTymDflA+HOxryWcUeFCSd0vaNoF6LwFmuEfRu9IxPokHRBtbgzjeVG4
         o8BB+qa/Jmq29+e7+ZYljYlSD3kW+miEl9QDFbLM02dEOlDUDezvrD+L+Nupm7sPtkXf
         XdIg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=errors-to:content-transfer-encoding:list-subscribe:list-help
         :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
         :mime-version:references:in-reply-to:message-id:date:to:from
         :dkim-signature:dkim-signature:dkim-signature;
        bh=ciYIykIMgbvj9/nzxtdJcxB01H5F11OSnINfLA63FwA=;
        fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
        b=ayJvHiP/RpyIPObbZ+H4mq+G09SZETCPcWjRR/HFfbd/4xl2j6+43bkCzvvOTS0f+L
         a7rVMNE2xYN0RDMniO3UHF9WxbanXrew6Vtf4twzi1VVtm77LsQ9uERm+es4duyIZt7a
         U8p8fR7W6COoyjeSH2P/4U8YlbOLR34AjUll5P9gzwaw8RNxZR2tk6gfrgQ09F9TE7Xb
         W0ElBEPztf4ul6gMLxykJLdB5bIiOue8WrC6xhfFVnxCykGDTtlsIipc1sJr2ZkXFVVF
         GhUXI3d0/E8kQ9GWEwOlU2nddU1Vw22sQNE+r2Q2yfma3izVPEHdOEIHjVAVxXd2fMFN
         Q8zg==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=KJxAMBYv;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=c1ReGP30;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=GmH9KPvn;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 8926c6da1cb9f-5b6a5f72202si8912697173.189.2025.11.04.01.20.03
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 04 Nov 2025 01:20:03 -0800 (PST)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=KJxAMBYv;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=c1ReGP30;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=GmH9KPvn;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
	List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
	Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
	Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=ciYIykIMgbvj9/nzxtdJcxB01H5F11OSnINfLA63FwA=; b=KJxAMBYv88MK6LZ/HFmskKWme2
	0t+eUMSs0yT4ghLP51+JO5xgA/b5PzIHEyaEcu9lYPrqufFqeHFobIQK6JBvpPwKUFsh4rDNVzpwq
	yebix4Z9vXo4jaF0J/dJQW7/krU9hLQDSWbbWfu6wey/w0MQ+gDmBC/d/8FnL9Bjsgo4=;
Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com)
	by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1vGDCn-0006P2-DI;
	Tue, 04 Nov 2025 09:19:57 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
 by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <gert@blue4.greenie.muc.de>) id 1vGDCl-0006Oq-5J
 for openvpn-devel@lists.sourceforge.net;
 Tue, 04 Nov 2025 09:19:55 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=schCust7Iob4Zb3Su2fW1ZHNm8gGTaLEHiHbuwo6NmU=; b=c1ReGP30lYLyjdVCqqXXzOz33v
 4lt1C1dXM9EEaOgx6ogz62Pu3h7WdjgbbvkhoOA7yjns91ljUtGQXgwhK4AoF/kqiOPHkz9i/yvAQ
 2DgHlDb77QxckNWHWzdI89NfAX4JYQvLTmaaJlK+RJzd1mDKkWDl+PzER3YrmlslSLxg=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=schCust7Iob4Zb3Su2fW1ZHNm8gGTaLEHiHbuwo6NmU=; b=GmH9KPvnousFkoOUSci1zBi+W7
 PD0KBKH6UV1D6R6i+pvSCGmuM0Jx5C6jbZIMY2TSvqGRsUDfSyrqw5CiXsS5k+xvSMyK0w8sqpjwN
 7yIUDS2t7mVqdyZ7oATlE21sktWpTXTKzn8zjmiZG4JWwxUvYVF6HIHr0YI5peA3OubY=;
Received: from [193.149.48.134] (helo=blue.greenie.muc.de)
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1vGDCj-000177-0D for openvpn-devel@lists.sourceforge.net;
 Tue, 04 Nov 2025 09:19:55 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
 by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5A49JfmH010839
 for <openvpn-devel@lists.sourceforge.net>; Tue, 4 Nov 2025 10:19:41 +0100
Received: (from gert@localhost)
 by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5A49Jf0h010838
 for openvpn-devel@lists.sourceforge.net; Tue, 4 Nov 2025 10:19:41 +0100
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Tue,  4 Nov 2025 10:19:35 +0100
Message-ID: <20251104091940.10826-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.49.1
In-Reply-To: 
 <gerrit.1761324750000.I3309265edf8d6bea7bd73b21eef589a92ede6e0a@gerrit.openvpn.net>
References: 
 <gerrit.1761324750000.I3309265edf8d6bea7bd73b21eef589a92ede6e0a@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software,
 running on the system "sfi-spamd-1.hosts.colo.sdot.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Frank Lichtenheld <frank@lichtenheld.com> Make better
 checks for the maxlen input value. Change-Id:
 I3309265edf8d6bea7bd73b21eef589a92ede6e0a
 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert
 Doering
 <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/open [...]
 Content analysis details:   (1.3 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Headers-End: 1vGDCj-000177-0D
Subject: [Openvpn-devel] [PATCH v4] ssl: Clean up type handling in
 write_string()
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1847850963134453572?=
X-GMAIL-MSGID: =?utf-8?q?1847850963134453572?=

From: Frank Lichtenheld <frank@lichtenheld.com>

Make better checks for the maxlen input value.

Change-Id: I3309265edf8d6bea7bd73b21eef589a92ede6e0a
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1300
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1300
This mail reflects revision 4 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index d177730..e03b81e 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1780,20 +1780,16 @@
     return true;
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 static bool
 write_string(struct buffer *buf, const char *str, const int maxlen)
 {
-    const int len = strlen(str) + 1;
-    if (len < 1 || (maxlen >= 0 && len > maxlen))
+    const size_t len = strlen(str) + 1;
+    const size_t real_maxlen = (maxlen >= 0 && maxlen <= UINT16_MAX) ? (size_t)maxlen : UINT16_MAX;
+    if (len > real_maxlen)
     {
         return false;
     }
-    if (!buf_write_u16(buf, len))
+    if (!buf_write_u16(buf, (uint16_t)len))
     {
         return false;
     }
@@ -1833,6 +1829,11 @@
     return len;
 }
 
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
 static char *
 read_string_alloc(struct buffer *buf)
 {