[Openvpn-devel,XS] Change in openvpn[master]: Fix check_session_buf_not_used using wrong index

Message ID 251a58bea595df5748f67cb92e65dc74943aa174-HTML@gerrit.openvpn.net
State Superseded
Headers show
Series [Openvpn-devel,XS] Change in openvpn[master]: Fix check_session_buf_not_used using wrong index | expand

Commit Message

its_Giaan (Code Review) Nov. 22, 2023, 11:12 p.m. UTC
Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/459?usp=email

to review the following change.


Change subject: Fix check_session_buf_not_used using wrong index
......................................................................

Fix check_session_buf_not_used using wrong index

The inner loop used i instead of j when iterating through the buffers.
Since i is always between 0 and 2 and ks->send_reliable->size is
(when it is defined) always 6 (TLS_RELIABLE_N_SEND_BUFFERS) this does not
cause an index of out bounds. So while the check is not doing anything
really useful with i instead of  j, it at least is not crashing or
anything similar.

Noticed-By: Jon Williams (braindead-bf) on Github issue #449
Change-Id: Ia3d5b4946138df322ebcd9e9e77d04328dacbc5d
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
M src/openvpn/ssl.c
1 file changed, 1 insertion(+), 1 deletion(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/59/459/1

Patch

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 400230c..b5d24b5 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -3207,7 +3207,7 @@ 
 
         for (int j = 0; j < ks->send_reliable->size; j++)
         {
-            if (ks->send_reliable->array[i].buf.data == dataptr)
+            if (ks->send_reliable->array[j].buf.data == dataptr)
             {
                 msg(M_INFO, "Warning buffer of freed TLS session is still in"
                     " use (session->key[%d].send_reliable->array[%d])",