From patchwork Tue Nov 15 12:29:40 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arne Schwabe <arne@rfc2549.org>
X-Patchwork-Id: 2849
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director12.mail.ord1d.rsapps.net ([172.31.255.6])
	by backend30.mail.ord1d.rsapps.net with LMTP
	id +H8kCWqGc2NzIAAAIUCqbw
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Tue, 15 Nov 2022 07:30:34 -0500
Received: from proxy6.mail.iad3b.rsapps.net ([172.31.255.6])
	by director12.mail.ord1d.rsapps.net with LMTP
	id mCUMCWqGc2OmbAAAIasKDg
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Tue, 15 Nov 2022 07:30:34 -0500
Received: from smtp18.gate.iad3b ([172.31.255.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy6.mail.iad3b.rsapps.net with LMTPS
	id ODGWAGqGc2OGRgAARawThA
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Tue, 15 Nov 2022 07:30:34 -0500
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.105.38.7]
Authentication-Results: smtp18.gate.iad3b.rsapps.net;
 iprev=pass policy.iprev="216.105.38.7";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil;
 dis=none) header.from=rfc2549.org
X-Suspicious-Flag: YES
X-Classification-ID: 4bd051d0-64e1-11ed-b57f-5254009ad1d4-1-1
Received: from [216.105.38.7] ([216.105.38.7:55918]
 helo=lists.sourceforge.net)
	by smtp18.gate.iad3b.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id F4/7A-18652-96683736; Tue, 15 Nov 2022 07:30:33 -0500
Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com)
	by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1ouv4h-0004pk-Jh;
	Tue, 15 Nov 2022 12:29:59 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <arne@kamera.blinkt.de>) id 1ouv4f-0004pd-5H
 for openvpn-devel@lists.sourceforge.net;
 Tue, 15 Nov 2022 12:29:57 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=QO/mhASGWCDrcD0+oHh3vM6FTjql3Qj0jtxnb6tu6/w=; b=DSxfaQ70aIvd58g6EOoUJiQ2Dr
 onV2r6Zw333hto+IaZblIAaEgL2iKk8SbAT6Iop1Mi2WXgN5dxybP/OTB3Bo7wpJgU5fkO91G4FM0
 V8AIXeeEnLbRV3TkC4UqKqxh53T1pVw3sqhdupMlxutfBB1BQ0VDBQMKtY2fqRupIHSk=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From:
 Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date:
 Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
 References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:
 List-Owner:List-Archive; bh=QO/mhASGWCDrcD0+oHh3vM6FTjql3Qj0jtxnb6tu6/w=; b=l
 GqzYfvxrVCeLdho4p2iN9QHfVvecPvX1X/NVRSBXrxjZFS3Mj347pfzyGoKqUdIU+La27Io87qu66
 6KMOLtc+6royw02Hy+exQP3zMQ2UkQI4biPlMElzEZhA7cPgx+hUKPcIvY7EWS8OsUAoH6/KOSubV
 HKkSCsR77x/E4eNc=;
Received: from mail.blinkt.de ([192.26.174.232])
 by sfi-mx-1.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1ouv4b-0094LJ-Df for openvpn-devel@lists.sourceforge.net;
 Tue, 15 Nov 2022 12:29:57 +0000
Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c])
 by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD))
 (envelope-from <arne@kamera.blinkt.de>) id 1ouv4O-000NVp-Ms
 for openvpn-devel@lists.sourceforge.net;
 Tue, 15 Nov 2022 13:29:40 +0100
Received: (nullmailer pid 1947330 invoked by uid 10006);
 Tue, 15 Nov 2022 12:29:40 -0000
From: Arne Schwabe <arne@rfc2549.org>
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 15 Nov 2022 13:29:40 +0100
Message-Id: <20221115122940.1947284-1-arne@rfc2549.org>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-Spam-Report: Spam detection software,
 running on the system "util-spamd-2.v13.lw.sourceforge.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  We want to check if EARLY_NEG_START is set and reserve the
 other bits for future expansions. Right now we also check if all reserved
 bits are zero. oops. Signed-off-by: Arne Schwabe <arne@rfc2549.org> ---
 src/openvpn/mudp.c
 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
 Content analysis details:   (0.3 points, 6.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 0.0 SPF_NONE               SPF: sender does not publish an SPF Record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
 mail domains are different
X-Headers-End: 1ouv4b-0094LJ-Df
Subject: [Openvpn-devel] [PATCH] Fix logic error in checking early
 negotiation support check
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

We want to check if EARLY_NEG_START is set and reserve the other bits
for future expansions. Right now we also check if all reserved bits are
zero. oops.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/mudp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 7c6fc816e..bdf35a8ba 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -92,7 +92,7 @@ do_pre_decrypt_check(struct multi_context *m,
         ASSERT(packet_id_read(&pin, &tmp, true));
 
         /* The most significant byte is 0x0f if early negotiation is supported */
-        bool early_neg_support = (pin.id & EARLY_NEG_MASK) == EARLY_NEG_START;
+        bool early_neg_support = ((pin.id & EARLY_NEG_MASK) & EARLY_NEG_START) == EARLY_NEG_START;
 
         /* All clients that support early negotiation and tls-crypt are assumed
          * to also support resending the WKc in the 2nd packet */