@@ -948,17 +948,21 @@
}
/* send digest response */
- openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s",
- username,
- realm,
- nonce,
- uri,
- qop,
- nonce_count,
- cnonce,
- response,
- opaque_kv
- );
+ int sret = openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s",
+ username,
+ realm,
+ nonce,
+ uri,
+ qop,
+ nonce_count,
+ cnonce,
+ response,
+ opaque_kv
+ );
+ if (sret >= sizeof(buf))
+ {
+ goto error;
+ }
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf))
{
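Review bot: The new check `if (sret >= sizeof(buf))` compares an `int` with a `size_t`, so a negative (error) return is only caught because it converts to a huge unsigned value, and the comparison can itself raise a sign-compare warning in a commit meant to silence warnings; the `ASSERT(sret <= sizeof(to_send))` in the `to_send` hunk has the same mix. Writing it as `if (sret < 0 || (size_t) sret >= sizeof(buf))` makes both failure cases explicit. The prototype of openvpn_snprintf is not visible here; if it returns a success flag rather than a length, the check cannot fire until the switch to snprintf that the description mentions. A `msg()` before `goto error` would also tell the operator that the digest header did not fit, instead of failing silently. The enclosing function starts and ends outside the hunk.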
@@ -109,8 +109,11 @@
"Authentication not possible.");
goto cleanup;
}
- openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", (int) strlen(creds.username),
- creds.username, (int) strlen(creds.password), creds.password);
+ int sret = openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s",
+ (int) strlen(creds.username), creds.username,
+ (int) strlen(creds.password), creds.password);
+ ASSERT(sret <= sizeof(to_send));
+
size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL);
if (size != strlen(to_send))
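Review bot: `ASSERT(sret <= sizeof(to_send))` accepts a return value equal to the buffer size, but snprintf-style functions report the length without the terminating NUL, so `sret == sizeof(to_send)` already means the last byte was cut. The Digest-header hunk treats `>=` as the failure case, and this one should match: `ASSERT(sret >= 0 && (size_t) sret < sizeof(to_send));`. Because this buffer carries the username and password, a one-byte truncation would send altered credentials rather than fail. The context lines above suggest that unusable credentials are rejected before this point, which is presumably what makes an ASSERT (process abort) acceptable here; a short comment stating that invariant would help. The enclosing function extends outside the hunk.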
@@ -2069,7 +2069,7 @@
#endif
#ifndef OPENSSL_NO_EC
- char groupname[256];
+ char groupname[64];
if (is_ec)
{
size_t len;
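Review bot: The new size of `groupname` (64, down from 256) is a bare number with no stated reason, and the same applies to `pkeybuf[64]` in the `print_cert_details` hunk. Presumably both were reduced so the compiler can prove that later formatting into a fixed buffer cannot truncate, but nothing on these lines says so, and a future edit could raise them again and bring the warning back. A comment such as `/* kept small so the formatted details line provably fits; longer names are truncated */` on each declaration would record that. The code that fills `groupname` is outside the hunk, so whether it copes with a name longer than 63 characters cannot be checked from here.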
@@ -2130,7 +2130,7 @@
print_cert_details(X509 *cert, char *buf, size_t buflen)
{
EVP_PKEY *pkey = X509_get_pubkey(cert);
- char pkeybuf[128] = { 0 };
+ char pkeybuf[64] = { 0 };
print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
char sig[128] = { 0 };
@@ -575,7 +575,7 @@
char metadata_type_str[4] = { 0 }; /* Max value: 255 */
openvpn_snprintf(metadata_type_str, sizeof(metadata_type_str),
- "%i", metadata_type);
+ "%i", (uint8_t) metadata_type);
struct env_set *es = env_set_create(NULL);
setenv_str(es, "script_type", "tls-crypt-v2-verify");
setenv_str(es, "metadata_type", metadata_type_str);
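Review bot: The `(uint8_t)` cast on `metadata_type` is there to convince the compiler that `"%i"` fits in the 4-byte buffer, but it carries no comment. If `metadata_type` is declared wider than one byte (its declaration is outside the hunk), the cast would silently wrap an out-of-range value before it is exported to the verify script as `metadata_type`. If the variable is already a `uint8_t`, a comment like `/* cast only narrows the promoted int for the compiler's truncation check */` is enough; otherwise a range check before formatting would be safer than the cast.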
@@ -33,6 +33,7 @@
#include <sddl.h>
#include <shellapi.h>
#include <mstcpip.h>
+#include <inttypes.h>
#include <versionhelpers.h>
@@ -2002,7 +2003,7 @@
ReturnLastError(pipe, L"malloc");
goto out;
}
- openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %lu",
+ openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR,
sud.options, svc_pipe);
if (!CreateEnvironmentBlock(&user_env, imp_token, FALSE))
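Review bot: `PRIuPTR` formats a `uintptr_t`, yet `svc_pipe` is passed without a cast. If it is a `HANDLE` (declaration outside the hunk), a pointer is being handed to a variadic function for an integer conversion, which should be made explicit with `(uintptr_t) svc_pipe`. The return value of `openvpn_swprintf` is also still ignored here, unlike in the Digest-header hunk; `cmdline_size` is computed outside the hunk, so whether the command line can be cut short before `--msg-channel` cannot be confirmed from these lines. The enclosing function extends outside the hunk.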
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/549?usp=email to review the following change. Change subject: Fix snprintf/swnprintf related compiler warnings ...................................................................... Fix snprintf/swnprintf related compiler warnings When openvpn_snprintf is replaced by snprintf the GCC/MSVC compiler will perform additional checks that the result is not truncated. This warning can be avoided by either explicitly checking the return value of snprintf (proxy) or ensuring that it is never truncated (tls crypt) Change-Id: If23988a05dd53a519c5e57f2aa3b2d10bd29df1d Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- M src/openvpn/proxy.c M src/openvpn/socks.c M src/openvpn/ssl_openssl.c M src/openvpn/tls_crypt.c M src/openvpnserv/interactive.c 5 files changed, 25 insertions(+), 17 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/49/549/1