| Message ID | 20251117173843.10091-2-gert@greenie.muc.de |
|---|---|
| State | New |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:6d04:b0:7b1:439f:bdf with SMTP id e4csp3403015may;
Mon, 17 Nov 2025 09:39:02 -0800 (PST)
X-Forwarded-Encrypted: i=2;
AJvYcCVcM0PBMWe630lDgixyWNxDLXe7UpTXK6UJrmF9fNJktgSRAdEYQVNrgQa56i6rZE+SNdHB3CrLYK4=@openvpn.net
X-Google-Smtp-Source:
AGHT+IEgh+VML/+AhSW80gm8YZQvB8osMcVuSoG2b3nmZriOLAtEthqdfGpBeG4jzotkTdvcuF69
X-Received: by 2002:a05:6808:159b:b0:44f:f73c:9412 with SMTP id
5614622812f47-450976112cfmr6061017b6e.63.1763401142304;
Mon, 17 Nov 2025 09:39:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1763401142; cv=none;
d=google.com; s=arc-20240605;
b=H8n9aEVY/r8FSVmo0iLMQkwKufT4mmYaMi7i+Lz15ordcSuRnxf75tYILyGwr44ucR
esw1xQvE1Cz5ZtoS5GMeJkNOK5saXfW9F+TT3UHDnIZ/iWWcJXtRWk/rQQbU0Qdl8AGJ
m4VVv25MyG9wEtM5p9hLo6Fy625reVtrxXWvA6++CIB363NwZ4FEm0Su6FuFJaSUR3p4
2zMJv0LNJVw0MRk7aF5ZyVxI5FE9baKzQkfB+dBbw5U1Myf0a2qbuzwsE//5RBrvjwzc
p+kjj9+UF4dYKAs/77kpDanBftAWXksmkbjd54nlATnQDGzeXYdFb63QxZZfj+Dbl2/R
6HFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:content-transfer-encoding:list-subscribe:list-help
:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
:mime-version:references:in-reply-to:message-id:date:to:from
:dkim-signature:dkim-signature:dkim-signature;
bh=Vr8g0An2+CbxdGsVtuRlOiPWIRym49JuJ7O/42tpoyg=;
fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
b=g0GXk9ugOAkEXqjDJPBgcKFCRmxl9ckVIxTyPW7ZHerm/7VELXt01I0orhqTu4HCFy
qhrqkn0z9+d1QNOz9I3x4cuxat6wtBXHR6fkLNUmXa88IYTLqHCA5K+Q/lESfCu0I3MF
9lC1h7QQwNsnRn5arO4cipnha7pCzJXr4I6deywidC+SSBKptZb81rXh8HznVRfN8vbR
gTnfCsLWCjZuY3lGma4FOuKNh+tk5JAznSFXldt5Na+WwHSKOABp33dybHEBACqLkuFp
+Qocpuxe5VipN1dxDLPQ5Bv/IbkhhBKdVYJwR/gGyiJtY4XkbukTy3JoR8AHaXdusK4c
gCsg==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b=j2Iimmgd;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=GR2f+5MV;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b="SRHg+V/s";
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
5614622812f47-4508a79434asi3705584b6e.314.2025.11.17.09.39.01
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Mon, 17 Nov 2025 09:39:01 -0800 (PST)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b=j2Iimmgd;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=GR2f+5MV;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b="SRHg+V/s";
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
bh=Vr8g0An2+CbxdGsVtuRlOiPWIRym49JuJ7O/42tpoyg=; b=j2Iimmgd2XLPrYcytppNflqTLG
GMSuxCGNHNBE+wE+D93Me5jfqymtNRGYLzL7+1a5Zr6JlhYDCjnLKkTHViyTCB2a/2UiYdxSYOFCo
qQgGvCcw7UrhaaXg8JO+Hc9T19H5fmGBh17aP61f94wL9pZLuABRP3LuC0qXSXwnn3xQ=;
Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com)
by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1vL3Bm-0005Li-Sc;
Mon, 17 Nov 2025 17:38:55 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <gert@chekov.greenie.muc.de>) id 1vL3Bl-0005LS-7X
for openvpn-devel@lists.sourceforge.net;
Mon, 17 Nov 2025 17:38:54 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=tPsn8IcsAhah25vhbiHrkKKWsrs9BMJcylJRjvD5W+s=; b=GR2f+5MVLK9XHhsEtxlid9cWYl
U022l6bZAi04P7siJnkI4HHn4Lmz13kcqRv1nlNwa5YDGmJT8APUzngZXOV7RgSxMvpQWVtDuWeqW
kGe3ekFBhZ5Ldl/XoUOHkwHkNaMNjmRUJqMaHWpSEwRb9rhk9HovhIdDTZ8nootVBAug=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=tPsn8IcsAhah25vhbiHrkKKWsrs9BMJcylJRjvD5W+s=; b=SRHg+V/s22+vAJSR1lAOgiBOSn
I3Vjk4g4MtSybIP2XI0uvq1DHcHp/f49eDKgTHTAXLjTc6KdusQbsmndZrBKUadbPMiTrU/dRDbRP
RByCVRaGfMwVqbKNNGVYEdQy5GKvfnoohU48ACSRTWov1Mf/cRM8eSUB73JAhQk91zf0=;
Received: from chekov.greenie.muc.de ([193.149.48.178])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
id 1vL3Bk-0007y5-RZ for openvpn-devel@lists.sourceforge.net;
Mon, 17 Nov 2025 17:38:53 +0000
Received: from chekov.greenie.muc.de (localhost [IPv6:0:0:0:0:0:0:0:1])
by chekov.greenie.muc.de (8.18.1/8.18.1) with ESMTPS id 5AHHck5Z010429
(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO)
for <openvpn-devel@lists.sourceforge.net>;
Mon, 17 Nov 2025 18:38:46 +0100 (CET)
(envelope-from gert@chekov.greenie.muc.de)
Received: (from gert@localhost)
by chekov.greenie.muc.de (8.18.1/8.18.1/Submit) id 5AHHcksg010428
for openvpn-devel@lists.sourceforge.net;
Mon, 17 Nov 2025 18:38:46 +0100 (CET)
(envelope-from gert)
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 17 Nov 2025 18:28:58 +0100
Message-ID: <20251117173843.10091-2-gert@greenie.muc.de>
X-Mailer: git-send-email 2.51.2
In-Reply-To: <20251117173843.10091-1-gert@greenie.muc.de>
References: <20251117173843.10091-1-gert@greenie.muc.de>
MIME-Version: 1.0
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam detection software,
running on the system "sfi-spamd-2.hosts.colo.sdot.me",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: Mikhail Khachaiants <mkhachaiants@gmail.com> Add a
family
check to prevent copying address data of the wrong type, which could cause
buffer over-read when parsing routes or endpoints. CVE: 2025-12106
Content analysis details: (0.0 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
X-Headers-End: 1vL3Bk-0007y5-RZ
Subject: [Openvpn-devel] [PATCH 1/2] socket: reject mismatched address
family in get_addr_generic
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1849060115752938327?=
X-GMAIL-MSGID: =?utf-8?q?1849060115752938327?=
|
| Series |
[Openvpn-devel,1/2] socket: reject mismatched address family in get_addr_generic
|
expand
|
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index f7317d13..8b6e35e4 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -147,6 +147,13 @@ get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname, void struct in6_addr *ip6; in_addr_t *ip4; + if (af != ai->ai_family) + { + msg(msglevel, "Can't parse %s as IPv%d address", var_host, (af == AF_INET) ? 4 : 6); + ret = -1; + goto out; + } + switch (af) { case AF_INET: