[Openvpn-devel,XS] Change in openvpn[master]: Do not check key_state buffers that are in S_UNDEF state

Message ID 57300481a334c57d0e58724244054e36d01a30a2-HTML@gerrit.openvpn.net
State Superseded
Headers show
Series [Openvpn-devel,XS] Change in openvpn[master]: Do not check key_state buffers that are in S_UNDEF state | expand

Commit Message

plaisthos (Code Review) Nov. 11, 2023, 2:21 p.m. UTC
Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/426?usp=email

to review the following change.


Change subject: Do not check key_state buffers that are in S_UNDEF state
......................................................................

Do not check key_state buffers that are in S_UNDEF state

When a key_state is in S_UNDEF the send_reliable is not initialised. So
checking it might access invalid memory or null pointers.

Change-Id: I226a73d47a2b1b29f7ec175ce23a806593abc2ac
---
M src/openvpn/ssl.c
1 file changed, 5 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/26/426/1

Patch

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index cee4afe..24f2bab 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -3189,6 +3189,11 @@ 
     for (int i = 0; i < KS_SIZE; i++)
     {
         struct key_state *ks = &session->key[i];
+        if (ks->state == S_UNDEF)
+        {
+            continue;
+        }
+
         for (int j = 0; j < ks->send_reliable->size; j++)
         {
             if (ks->send_reliable->array[i].buf.data == dataptr)