From patchwork Sun Apr 4 22:00:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 1711 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.31.255.6]) by backend30.mail.ord1d.rsapps.net with LMTP id mOewC7nDamCmJgAAIUCqbw (envelope-from ) for ; Mon, 05 Apr 2021 04:00:57 -0400 Received: from proxy10.mail.iad3b.rsapps.net ([172.31.255.6]) by director7.mail.ord1d.rsapps.net with LMTP id gF90C7nDamDAXgAAovjBpQ (envelope-from ) for ; Mon, 05 Apr 2021 04:00:57 -0400 Received: from smtp24.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy10.mail.iad3b.rsapps.net with LMTPS id UO3bBLnDamDnUAAA/F5p9A (envelope-from ) for ; Mon, 05 Apr 2021 04:00:57 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp24.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: 0cec40fe-95e5-11eb-b5d9-525400892b35-1-1 Received: from [216.105.38.7] ([216.105.38.7:33746] helo=lists.sourceforge.net) by smtp24.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 31/35-10864-8B3CA606; Mon, 05 Apr 2021 04:00:56 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1lTK9j-0006aV-4z; Mon, 05 Apr 2021 08:00:19 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lTK9f-0006Zt-I6 for openvpn-devel@lists.sourceforge.net; Mon, 05 Apr 2021 08:00:15 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=RGjU+a/mjmWcIB/o+2brNDoC76gCE3cs250E2xpc+v0=; b=JC7D7RYV/Z9LnojXZF9mItlKGi v8810BFUZNVbbjQIhlG7ZddGhGxQyL6W7eNSHzLAjsxFMgj2U9VXVxlcXo5SRnjmh6I9XCrq7/6lO Vhk/L9NkieIrqOYeh8+1vVEsAxya15nYn9ByC0vNey7dARD7f8FusfCSKhwEw+OP5UfU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=RGjU+a/mjmWcIB/o+2brNDoC76gCE3cs250E2xpc+v0=; b=m J/HPYORnKM7a1bB7a61IjIXdSfk0Czzy6quLzHN18JaZI5irS4UYWFdoVq4v6x0cw8Ty+vhI1UJKD plpTyw0bhUKeP6A7WZtklBmZMrdYl8CKGh9mJSqjgFtRsRha6WjKSMybGUAsgXKOyrryBBAnvj0F/ Udv7NjZO8YkmBZtk=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1lTK9b-003QUO-1Y for openvpn-devel@lists.sourceforge.net; Mon, 05 Apr 2021 08:00:15 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Mon, 5 Apr 2021 10:00:05 +0200 Message-Id: <20210405080007.1665-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1lTK9b-003QUO-1Y Subject: [Openvpn-devel] [PATCH 1/3] openssl: fix EVP_PKEY_CTX memory leak X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Antonio Quartulli A context allocated with EVP_PKEY_CTX_new_id() must be ultimately free'd by Eng VP_PKEY_CTX_free(). Failing to do so will result in a memory leak. This bug was discovered using GCC with "-fsanitize=address". Signed-off-by: Antonio Quartulli Acked-by: Gert Doering --- src/openvpn/crypto_openssl.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index f3e86863..d54ca6d2 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1125,37 +1125,41 @@ bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len) { + bool ret = false; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); if (!EVP_PKEY_derive_init(pctx)) { - return false; + goto out; } if (!EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_md5_sha1())) { - return false; + goto out; } if (!EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, secret, secret_len)) { - return false; + goto out; } if (!EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seed_len)) { - return false; + goto out; } size_t out_len = output_len; if (!EVP_PKEY_derive(pctx, output, &out_len)) { - return false; + goto out; } if (out_len != output_len) { - return false; + goto out; } - return true; + ret = true; +out: + EVP_PKEY_CTX_free(pctx); + return ret; } #else /* if OPENSSL_VERSION_NUMBER >= 0x10100000L */ /* From patchwork Sun Apr 4 22:00:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 1712 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id uB0eOb3DamD/FwAAIUCqbw (envelope-from ) for ; Mon, 05 Apr 2021 04:01:01 -0400 Received: from proxy16.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id AAnhOL3DamBTbQAAalYnBA (envelope-from ) for ; Mon, 05 Apr 2021 04:01:01 -0400 Received: from smtp5.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy16.mail.ord1d.rsapps.net with LMTPS id EJOSOL3DamDmPAAAetu3IA (envelope-from ) for ; Mon, 05 Apr 2021 04:01:01 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp5.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: 0fe25e7e-95e5-11eb-ae2d-a4badb0b200d-1-1 Received: from [216.105.38.7] ([216.105.38.7:52714] helo=lists.sourceforge.net) by smtp5.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id F3/37-14465-DB3CA606; Mon, 05 Apr 2021 04:01:01 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1lTK9l-0004pT-5P; Mon, 05 Apr 2021 08:00:21 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lTK9j-0004pI-9F for openvpn-devel@lists.sourceforge.net; Mon, 05 Apr 2021 08:00:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=A8CgdixcIHCmnapNF9o4ufjcrut6Rdnj7iywRjqOg5A=; b=eapMUXOlp63pRi/bmN6gdUEmjE BE5EtGvcySjm/tkvBuVFGUuXI6CZEbXUPVVjChwbVADvFKnHjFRQPBWBpQVgf+a/eVwTLt9XxxL9J LWYBB4m2zkzChhpVfJ/gzvoqadCm5Jqif8uyYmkA8wQks7sacOrVW+mxxdvTkLuR3dVM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=A8CgdixcIHCmnapNF9o4ufjcrut6Rdnj7iywRjqOg5A=; b=ab86IdVIaDwKjXWF6tl58fWVGr OJmI852a+qEJzxYlGDVwpdvP1IsArpiEJNA8MTMMWm7tWt2AHCnqiu4H2jCFqlqaVq4kwKRLL76dr /yRlEDdcKtaAPvi8MoJNFyL41458fqtyM+VYexk6UNNaIdKt3L4GilYS+lRKCetheDJE=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1lTK9c-003QUT-HP for openvpn-devel@lists.sourceforge.net; Mon, 05 Apr 2021 08:00:19 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Mon, 5 Apr 2021 10:00:06 +0200 Message-Id: <20210405080007.1665-2-a@unstable.cc> In-Reply-To: <20210405080007.1665-1-a@unstable.cc> References: <20210405080007.1665-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1lTK9c-003QUT-HP Subject: [Openvpn-devel] [PATCH 2/3] openssl: avoid NULL pointer dereference X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Antonio Quartulli EVP_PKEY_CTX_new_id() may return NULL and for this reason we must check its return value and bail out in case of failure. Failing to do so, may result in NULL pointer dereferece when we pass the returned pointer (NULL) to other functions. Signed-off-by: Antonio Quartulli Acked-by: Gert Doering --- src/openvpn/crypto_openssl.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index d54ca6d2..dc6b0fa7 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1125,8 +1125,13 @@ bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len) { - bool ret = false; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); + if (!pctx) + { + return false; + } + + bool ret = false; if (!EVP_PKEY_derive_init(pctx)) { goto out; From patchwork Sun Apr 4 22:00:07 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 1713 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director13.mail.ord1d.rsapps.net ([172.31.255.6]) by backend30.mail.ord1d.rsapps.net with LMTP id iD8hHMHDamB9cgAAIUCqbw (envelope-from ) for ; Mon, 05 Apr 2021 04:01:05 -0400 Received: from proxy9.mail.iad3b.rsapps.net ([172.31.255.6]) by director13.mail.ord1d.rsapps.net with LMTP id wOXoG8HDamAaCQAA91zNiA (envelope-from ) for ; Mon, 05 Apr 2021 04:01:05 -0400 Received: from smtp10.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy9.mail.iad3b.rsapps.net with LMTPS id uOlXFcHDamDxWwAAC4PSzw (envelope-from ) for ; Mon, 05 Apr 2021 04:01:05 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp10.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: 11a86b54-95e5-11eb-94fb-52540055034d-1-1 Received: from [216.105.38.7] ([216.105.38.7:55682] helo=lists.sourceforge.net) by smtp10.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 3F/92-26872-0C3CA606; Mon, 05 Apr 2021 04:01:04 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.92.3) (envelope-from ) id 1lTK9o-0001AE-Od; Mon, 05 Apr 2021 08:00:24 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from ) id 1lTK9f-00019v-Oj for openvpn-devel@lists.sourceforge.net; Mon, 05 Apr 2021 08:00:15 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=UezzQ/ZHBOJfidcfLAY5/fkiDvt68BfvcE3cMacnyhQ=; b=ULfLGNNJHvluP+qse05zo0H156 8PJNg0mRNlkz0dZp2EnPkzTVihriyYuB2FLeoXzVYH4WKSqfQFBnvqFjKLawRc0vo1om9282OaSEa BQWQ7/DysyCPPQQe7IAnrooZjLmkcAld2z4JDpDtVRzQeLy5+oVcWq/IS8UnTOTM97e8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=UezzQ/ZHBOJfidcfLAY5/fkiDvt68BfvcE3cMacnyhQ=; b=A0EMLTkyCv95UES/63l3GO4FyZ h8+2EysLqr95TAoByWeH3p84xgVsqk6QcAB5etpBSdgTM4sU3pDRoz48/YlpyJgHzEBqcoB/GElad 3BoeQFi7SvJxnZbk14a+vr5wd93kCH6ZlMJdr2rj/6+aoBo3OVOkvGYFW4eWAZLOkDdE=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1lTK9d-003QUW-RM for openvpn-devel@lists.sourceforge.net; Mon, 05 Apr 2021 08:00:15 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Mon, 5 Apr 2021 10:00:07 +0200 Message-Id: <20210405080007.1665-3-a@unstable.cc> In-Reply-To: <20210405080007.1665-1-a@unstable.cc> References: <20210405080007.1665-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1lTK9d-003QUW-RM Subject: [Openvpn-devel] [PATCH 3/3] ssl: remove unneeded if block X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Antonio Quartulli There is no need to check the result of a boolean function and then assign a constant value to a variable based on that check. Directly assign the return value of the function to the variable. Signed-off-by: Antonio Quartulli --- src/openvpn/ssl.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 9d18c6e5..cb2a3e82 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1614,10 +1614,8 @@ openvpn_PRF(const uint8_t *secret, } /* compute PRF */ - if (!ssl_tls1_PRF(BPTR(&seed), BLEN(&seed), secret, secret_len, output, output_len)) - { - ret = false; - } + ret = ssl_tls1_PRF(BPTR(&seed), BLEN(&seed), secret, secret_len, output, + output_len); buf_clear(&seed); free_buf(&seed);