From patchwork Tue May 9 17:05:17 2023
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 3206
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 9 May 2023 13:05:17 -0400
Message-Id: <20230509170517.2637245-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH] Bugfix: dangling pointer passed to pkcs11-helper

From: Selva Nair

Github: Fixes OpenVPN/openvpn#323

Signed-off-by: Selva Nair
Acked-by: Gert Doering
---
This will fix #323 is my best guess, untested as yet..
This is a bug that needs fixing, regardless.

 src/openvpn/pkcs11_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c index eee86e17..9b0ab39f 100644 --- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c @@ -165,6 +165,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, { pkcs11h_certificate_t cert = handle; CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0}; /* default value */ + CK_RSA_PKCS_PSS_PARAMS pss_params = {0}; unsigned char buf[EVP_MAX_MD_SIZE]; size_t buflen; @@ -203,7 +204,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, } else if (!strcmp(sigalg.padmode, "pss")) { - CK_RSA_PKCS_PSS_PARAMS pss_params = {0}; mech.mechanism = CKM_RSA_PKCS_PSS; if (!set_pss_params(&pss_params, sigalg, cert))
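
Review bot: the new function-scope declaration `CK_RSA_PKCS_PSS_PARAMS pss_params = {0};` in the first hunk (@@ -165) carries no comment saying why it lives there, so a later cleanup could move it back into the `else if (!strcmp(sigalg.padmode, "pss"))` branch and reintroduce the dangling pointer named in the subject. Suggest a one-line comment at the declaration, for example `/* must outlive mech, which may point at this for CKM_RSA_PKCS_PSS */`, and a sentence in the commit message stating that the block-scoped variable went out of scope before mech was handed to pkcs11-helper. The lines that store the address of pss_params in mech and the later call that consumes mech are outside the visible context, so the lifetime argument should be confirmed against the full function, particularly since the commit message says the fix is untested.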