| Message ID | 4f6be5e2fc56379333283583d98e6ceb7fce3d3b-HTML@gerrit.openvpn.net |
|---|---|
| State | Rejected |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7300:a213:b0:100:d2e5:60d with SMTP id bs19csp30841dyb;
Tue, 9 Jan 2024 03:09:46 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IGfNX48ODs9r+Ql4m5iDxnlTh0EyTmQgEqbQ0v/Kj2s9YR9HZkhqmFIUyWkrvWWTE+S9BEq
X-Received: by 2002:a17:902:a50d:b0:1d4:e2bc:89f3 with SMTP id
s13-20020a170902a50d00b001d4e2bc89f3mr9891449plq.4.1704798585724;
Tue, 09 Jan 2024 03:09:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1704798585; cv=none;
d=google.com; s=arc-20160816;
b=wZeDMM8cmoT07PoS0h9rkBpdt/Ghpbx9/0XUbeWRYYIz4BANVKTjLQsuR3B43Y+/LQ
TnizK1DhmrmPl6F6x2GYgxOfl3N1TgzgW6uJ4L+Vaq1jFbMx77amkNzqdrCfJAABvEKK
GgNxK7YMA2izaRt9Sup3jSI3/oSYGdnw2dKqNHbbMYwH6wH05sJOhvvbyykvObMOI4oG
RnQLEkpoX6mRbjVe8qCe6/fHEgMcfrof6o02Nm0uJKfjmbOXcUKSgHWOIu4L1n+TgyZ0
Du/yz1MNcgQOzflxZdr36xfNYGtQgLeaB6mS0JWPtBe/w7MxuzVI2UgrelcEGJ0f8Qm2
2K9w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=errors-to:cc:reply-to:list-subscribe:list-help:list-post
:list-archive:list-unsubscribe:list-id:precedence:subject:user-agent
:mime-version:message-id:references:auto-submitted:to:date:from
:dkim-signature:dkim-signature:dkim-signature;
bh=rvCf0x1rH0S7qBP7LyvGsN7JOcRQnQZ8yCw+GN/7J1g=;
fh=GFP4qDxgyJ2WEPo/oeLZg3Mj4NqvY1j2nTvTt7psNwg=;
b=ksFBvsR6nOq0VY2adkzjNObwC1CwS/rv27FQPygRdCAazHEHnhliMl2kYXKOW+Wzgi
nklvOB+HW/97Qb/9YQnm1CSzrWQGrnO4hpTwPe0TzuPmi/Kmge6/haHJIs7Ev2fw/sRQ
XIsPynV0pk1ZkEbqwmHUjHWXETfwUrXLkbRFtunPU/ph8QCz8oIHyivINFU2i73LnjEY
Egl7sMlbj9J97mpybuB5G3HYDXkBTzSgS9IECKpfBLzRteljNOz87eepBHJG///1WKct
jEANOEyJZWCnlt/XWnF30i8dsdyKz7izqWNMx9AR4WUUElYr9Dr5GRZNcWEKYH1TNEgy
gtzw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=CHAYcM4N;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=cmIklu5I;
dkim=neutral (body hash did not verify) header.i=@openvpn.net
header.s=google header.b=H7wxNquJ;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
c12-20020a17090ae10c00b0028c03c9a3c9si7146300pjz.24.2024.01.09.03.09.45
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Tue, 09 Jan 2024 03:09:45 -0800 (PST)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=CHAYcM4N;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=cmIklu5I;
dkim=neutral (body hash did not verify) header.i=@openvpn.net
header.s=google header.b=H7wxNquJ;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net
Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com)
by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1rN9yw-0005wh-53;
Tue, 09 Jan 2024 11:09:18 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <gerrit@openvpn.net>) id 1rN9yt-0005wa-ER
for openvpn-devel@lists.sourceforge.net;
Tue, 09 Jan 2024 11:09:15 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version
:Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:
From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=0lo95NvxMujPhfjgTKlcSg6vFrC28cgtAUbJF1N7xWk=; b=CHAYcM4Ny+obcGKUQWinJyRLxy
Kvwy7rUMFPJ/Fyvcsz84g5gIMzbvAmUdfM9dF2OVeGnUyG+PG67Lpk0X1QZ6BmjS6G3QczYGCfPXq
MMMmPDq6NMw2HvDPDnN9pczfPm1YB6BRxPWRnCz39/nvMK1ugXMxl1yrP8bLQn7EDaVI=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To:
References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID
:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:
Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post:
List-Owner:List-Archive; bh=0lo95NvxMujPhfjgTKlcSg6vFrC28cgtAUbJF1N7xWk=; b=c
mIklu5I8ytoChxdNmQipzMU5ERlpmvR4xvO//c/r21Nh8o3YyJelXU5MKKaJCl3haerx+KjP6e+CK
+ZDYOjz60ItVo1jHaT69CzAG+mQJqXDlM9PcQnKs3zCs8lTJKVINWJfx66Z4gzH6T5fLjAhdupQs4
eeW39c2ZuYJR/UCg=;
Received: from mail-wm1-f44.google.com ([209.85.128.44])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95)
id 1rN9yp-0002i9-1o for openvpn-devel@lists.sourceforge.net;
Tue, 09 Jan 2024 11:09:15 +0000
Received: by mail-wm1-f44.google.com with SMTP id
5b1f17b1804b1-40d8902da73so26538415e9.2
for <openvpn-devel@lists.sourceforge.net>;
Tue, 09 Jan 2024 03:09:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=openvpn.net; s=google; t=1704798544; x=1705403344;
darn=lists.sourceforge.net;
h=user-agent:content-disposition:content-transfer-encoding
:mime-version:message-id:reply-to:references:subject
:list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc
:subject:date:message-id:reply-to;
bh=0lo95NvxMujPhfjgTKlcSg6vFrC28cgtAUbJF1N7xWk=;
b=H7wxNquJ2dhBkmzlXAP7Bl+Ec+q8/Gfwc1fXpTS23LsF4OCpqXznYlzmEWzaUIKBHS
lLsgVuBFCQih5NP2tDxjJxgmR0kq+x5thv9ifLKNTy7jgV1ZeRCbjbpt0M0WO9PMu5tq
ytb6tNdxxRMAhPvzvUKHBqIAyGpfWGXABzk0C02g4A0T6FeM9Bo2NzvuExc7EOGvUxlW
F2pYQA4lCbT4LZC0YdXxvNDC1fZHuXAZRLzCGo2Hpb09baIQ/wp2ysyidFiIPvwkKxuQ
dXi6n6CP09hZT8j11olP4fC+Vu55OIPaBrbnqz8rpNS5WUG6mQIHNeKD9Rae4C0hh73e
rwLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1704798544; x=1705403344;
h=user-agent:content-disposition:content-transfer-encoding
:mime-version:message-id:reply-to:references:subject
:list-unsubscribe:list-id:auto-submitted:cc:to:date:from
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=0lo95NvxMujPhfjgTKlcSg6vFrC28cgtAUbJF1N7xWk=;
b=APv7CCyRgmv4WnqL8Wzybf/o+4upY2ClDpQt06eXZcPn4g2Abg2cBEK9QQLshKdqvk
+mD9w1HV2mC90PFNW6fjtyU2gmW6+IHicehu+5AndFev//RZorhuKKxHvXORQjicGMij
WxObgYNzXqqzP5pjA+87wcoCf2UuwG64OihFeEXC6RgiOywmtCyKMudQhLxVy8hhXGTp
4YP04AZf/jc9z0d6/tZ9JZ+3fnGBXD4XOV0XX533AlddVtwKOBKuDEuVJ4m4nXRGEDYC
GEPDWFwAU8kLKI8gEfMj0mNHF9lAqbk7RMWt4GVGTFV4GJALmOBLdNMZv1iw0QKXwvcg
8Hig==
X-Gm-Message-State: AOJu0Yzb7XhbGjbggFIELY4gPINCaHSospppaIfbjnXIjOkrqtXvXlqn
Eap2ed0xahCcF9Xinz9wQdjSmvN3qlDDJILiuBjMDzOK+10=
X-Received: by 2002:a05:600c:5406:b0:40e:4d66:8c with SMTP id
he6-20020a05600c540600b0040e4d66008cmr639206wmb.112.1704798544618;
Tue, 09 Jan 2024 03:09:04 -0800 (PST)
Received: from gerrit.openvpn.in
(ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78])
by smtp.gmail.com with ESMTPSA id
m21-20020a05600c3b1500b0040d5c58c41dsm3195209wms.24.2024.01.09.03.09.04
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 09 Jan 2024 03:09:04 -0800 (PST)
From: "flichtenheld (Code Review)" <gerrit@openvpn.net>
X-Google-Original-From: "flichtenheld (Code Review)"
<gerrit@gerrit.openvpn.in>
X-Gerrit-PatchSet: 1
Date: Tue, 9 Jan 2024 11:09:03 +0000
To: plaisthos <arne-openvpn@rfc2549.org>
Auto-Submitted: auto-generated
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: Iaef904ee2448dc0b9ad396d3ad9ae21b9dd6281e
X-Gerrit-Change-Number: 492
X-Gerrit-Project: openvpn
X-Gerrit-ChangeURL: <http://gerrit.openvpn.net/c/openvpn/+/492?usp=email>
X-Gerrit-Commit: 742eb10f1d7254db24ce5e3b7898605c71303ce7
References:
<gerrit.1704798536000.Iaef904ee2448dc0b9ad396d3ad9ae21b9dd6281e@gerrit.openvpn.net>
Message-ID: <4f6be5e2fc56379333283583d98e6ceb7fce3d3b-HTML@gerrit.openvpn.net>
MIME-Version: 1.0
User-Agent: Gerrit/3.8.2
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
running on the system "util-spamd-2.v13.lw.sourceforge.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Attention is currently required from: plaisthos. Hello
plaisthos, I'd like you to do a code review. Please visit
Content analysis details: (-0.2 points, 6.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.44 listed in wl.mailspike.net]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust [209.85.128.44 listed in list.dnswl.org]
0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
Colors in HTML
-0.0 T_SCC_BODY_TEXT_LINE No description available.
X-Headers-End: 1rN9yp-0002i9-1o
Subject: [Openvpn-devel] [S] Change in openvpn[master]:
adjust_payload_max_cbc: Fix Coverity issue "Division or modulo by zero"
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org,
openvpn-devel@lists.sourceforge.net
Cc: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Content-Type: multipart/mixed; boundary="===============6862547475221307947=="
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1787610881865605137?=
X-GMAIL-MSGID: =?utf-8?q?1787610881865605137?=
X-getmail-filter-classifier: gerrit message type newchange
|
| Series |
[Openvpn-devel,S] Change in openvpn[master]: adjust_payload_max_cbc: Fix Coverity issue "Division or modulo by zero"
|
expand
|
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 1566c64..797ebf7 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -210,13 +210,7 @@ static inline size_t adjust_payload_max_cbc(const struct key_type *kt, size_t target) { - if (!cipher_kt_mode_cbc(kt->cipher)) - { - /* With stream ciphers (or block cipher in stream modes like CFB, AEAD) - * we can just use the target as is */ - return target; - } - else + if (cipher_kt_mode_cbc(kt->cipher)) { /* With CBC we need at least one extra byte for padding and then need * to ensure that the resulting CBC ciphertext length, which is always @@ -225,6 +219,9 @@ target = round_down_size(target, block_size); return target - 1; } + /* With stream ciphers (or block cipher in stream modes like CFB, AEAD) + * we can just use the target as is */ + return target; } static size_t
Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/492?usp=email to review the following change. Change subject: adjust_payload_max_cbc: Fix Coverity issue "Division or modulo by zero" ...................................................................... adjust_payload_max_cbc: Fix Coverity issue "Division or modulo by zero" In error cases cipher_kt_block_size can return 0. This would lead to a divison by zero in round_down_uint. By reordering the conditional we can make sure we only take this path if we have a valid cipher to begin with. Change-Id: Iaef904ee2448dc0b9ad396d3ad9ae21b9dd6281e Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> --- M src/openvpn/mss.c 1 file changed, 4 insertions(+), 7 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/92/492/1