From patchwork Wed Jan 14 13:58:02 2026
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4706
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 14 Jan 2026 14:58:02 +0100
Message-ID: <20260114135807.20637-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v1] socks: In establish_socks_proxy_udpassoc check result of recv_socks_reply

From: Frank Lichtenheld

Not just check the return value but also that relay_addr is valid.
recv_socks_reply doesn't care whether the answer is what we expected.
This is probably a very unlikely edge case but it doesn't hurt
to check for it here.

Reported-By: Joshua Rogers
Found-By: ZeroPath (https://zeropath.com)
Github: openvpn-private-issues#13
Change-Id: Ic1c8f24de423541bdc85e70b5a688213800d86de
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1469
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1469
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index 078b4e1..5cb5912 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -412,8 +412,7 @@ send(ctrl_sd, "\x05\x03\x00\x01\x00\x00\x00\x00\x00\x00", 10, MSG_NOSIGNAL); if (size != 10) { - msg(D_LINK_ERRORS | M_ERRNO, - "establish_socks_proxy_passthru: TCP port write failed on send()"); + msg(D_LINK_ERRORS | M_ERRNO, "%s: TCP port write failed on send()", __func__); goto error; } } @@ -424,6 +423,11 @@ { goto error; } + if (!relay_addr->addr.in4.sin_addr.s_addr) + { + msg(D_LINK_ERRORS, "%s: Socks proxy did not answer with IPv4 address", __func__); + goto error; + } return;
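
Review bot: Documentation point on the first hunk (the msg() call after the 10-byte send()): the commit message only describes the relay_addr check, but this hunk also replaces the hard-coded prefix "establish_socks_proxy_passthru" with __func__. Since the subject names establish_socks_proxy_udpassoc, the old string reads like a copy-paste leftover. One line in the commit message saying that the log prefix was corrected would help anyone who later greps logs or history for the old text.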
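
Review bot: Logic point on the new check in the second hunk: `!relay_addr->addr.in4.sin_addr.s_addr` only tests whether the IPv4 address field is zero, so it cannot distinguish a reply carrying a non-IPv4 address type from an IPv4 reply of 0.0.0.0, yet the message reports only "did not answer with IPv4 address". The test is also only meaningful if relay_addr is zeroed before recv_socks_reply fills it, which these lines do not show. Consider checking the address family as well as the address, or having recv_socks_reply report the address type it parsed, and word the message so it also covers the all-zero case.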