| Message ID | 20260609102407.32590-1-gert@greenie.muc.de |
|---|---|
| State | New |
| Headers |
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 9 Jun 2026 12:24:01 +0200
Message-ID: <20260609102407.32590-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v1] Null-terminate tls-crypt client keys
when testing
|
| Series |
[Openvpn-devel,v1] Null-terminate tls-crypt client keys when testing
|
|
Commit Message
Gert Doering
June 9, 2026, 10:24 a.m. UTC
From: Max Fillinger <maximilian.fillinger@sentyron.com>

After generating a tls-crypt-v2 client key, OpenVPN will try to load the generated key to verify that it was generated correctly. If the client key is not written to disk but printed out on the command line, the PEM encoded key is stored in memory and read_pem_key_file is called with key_file_inline = true. However, this key is not a null-terminated string, so we end up calling strlen on a buffer that isn't null-terminated.

This commit adds a null-byte at the end of the key.

Change-Id: I2ca8bf90a796f2b757c2fde0ae24468ef3abc3b5
Signed-off-by: Max Fillinger <maximilian.fillinger@sentyron.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1701

---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1701
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index e91f80c..8c3d722 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -758,9 +758,10 @@ if (!filename || streq(filename, "")) { - printf("%.*s\n", BLEN(&client_key_pem), BPTR(&client_key_pem)); + buf_null_terminate(&client_key_pem); client_file = (const char *)BPTR(&client_key_pem); client_inline = true; + printf("%s\n", client_file); } else if (!buffer_write_file(filename, &client_key_pem)) {
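
Review bot: buf_null_terminate(&client_key_pem) in the inline branch (the `!filename || streq(filename, "")` case) is called with no check or comment about spare capacity in client_key_pem, and nothing in the hunk shows that the buffer was allocated with room for one more byte. The terminator has to land somewhere, so it is worth confirming that the last character of the PEM text cannot be overwritten when the buffer is full, or asserting the free space before the call. A one-line comment stating that read_pem_key_file with key_file_inline = true expects a C string would also explain why the buffer is modified after generation. Moving the printf below the termination and switching from "%.*s" with BLEN/BPTR to "%s" on client_file is consistent with that, since the printed output then exercises the same terminated string that is handed to the loader.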