From patchwork Mon Mar 25 18:04:53 2024
X-Patchwork-Submitter: "plaisthos (Code Review)"
X-Patchwork-Id: 3671
From: "plaisthos (Code Review)"
Date: Mon, 25 Mar 2024 18:04:53 +0000
To: flichtenheld
X-Gerrit-PatchSet: 1
X-Gerrit-Change-Id: If23988a05dd53a519c5e57f2aa3b2d10bd29df1d
X-Gerrit-Change-Number: 549
X-Gerrit-Project: openvpn
X-Gerrit-Commit: 2ec996f7e33e26b2a806c2474a55a15cf1c55b0f
Subject: [Openvpn-devel] [S]
 Change in openvpn[master]: Fix snprintf/swnprintf related compiler warnings
Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Cc: openvpn-devel

Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/549?usp=email

to review the following change.

Change subject: Fix snprintf/swnprintf related compiler warnings
......................................................................

Fix snprintf/swnprintf related compiler warnings

When openvpn_snprintf is replaced by snprintf the GCC/MSVC compiler
will perform additional checks that the result is not truncated.

This warning can be avoided by either explicitly the return value
of snprintf (proxy) or ensuring that it is never truncated (tls crypt)

Change-Id: If23988a05dd53a519c5e57f2aa3b2d10bd29df1d
Signed-off-by: Arne Schwabe
---
M src/openvpn/proxy.c
M src/openvpn/socks.c
M src/openvpn/ssl_openssl.c
M src/openvpn/tls_crypt.c
M src/openvpnserv/interactive.c
5 files changed, 25 insertions(+), 17 deletions(-)

git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/49/549/1
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index c904301..5c1cdcb 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c
@@ -948,17 +948,21 @@ } /* send digest response */ - openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s", - username, - realm, - nonce, - uri, - qop, - nonce_count, - cnonce, - response, - opaque_kv - ); + int sret = openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s", + username, + realm, + nonce, + uri, + qop, + nonce_count, + cnonce, + response, + opaque_kv + ); + if (sret >= sizeof(buf)) + { + goto error; + } msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); if (!send_line_crlf(sd, buf)) { diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index d842666..b046910 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -109,8 +109,11 @@ "Authentication not possible."); goto cleanup; } - openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", (int) strlen(creds.username), - creds.username, (int) strlen(creds.password), creds.password); + int sret = openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", + (int) strlen(creds.username), creds.username, + (int) strlen(creds.password), creds.password); + ASSERT(sret <= sizeof(to_send)); + size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL); if (size != strlen(to_send)) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 4383e98..6f29c3d 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -2069,7 +2069,7 @@ #endif #ifndef OPENSSL_NO_EC - char groupname[256]; + char groupname[64]; if (is_ec) { size_t len; @@ -2130,7 +2130,7 @@ print_cert_details(X509 *cert, char *buf, size_t buflen) { EVP_PKEY *pkey = X509_get_pubkey(cert); - char pkeybuf[128] = { 0 }; + char pkeybuf[64] = { 0 }; print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf)); char sig[128] = { 0 }; 
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 975d31f..6ef1c7d 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -575,7 +575,7 @@ char metadata_type_str[4] = { 0 }; /* Max value: 255 */ openvpn_snprintf(metadata_type_str, sizeof(metadata_type_str), - "%i", metadata_type); + "%i", (uint8_t) metadata_type); struct env_set *es = env_set_create(NULL); setenv_str(es, "script_type", "tls-crypt-v2-verify"); setenv_str(es, "metadata_type", metadata_type_str); diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 452633c..d32223c 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -33,6 +33,7 @@ #include #include #include +#include #include @@ -2002,7 +2003,7 @@ ReturnLastError(pipe, L"malloc"); goto out; } - openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %lu", + openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR, sud.options, svc_pipe); if (!CreateEnvironmentBlock(&user_env, imp_token, FALSE))
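Review bot: In the src/openvpn/proxy.c hunk, `if (sret >= sizeof(buf))` compares a signed int with a size_t, and it only detects truncation if the call returns the would-be length the way snprintf does. The hunk still calls openvpn_snprintf while the commit message talks about replacing it with snprintf, so the return semantics of the function actually called here should be confirmed; if it reports success or failure rather than a length, the branch never fires. A negative error return is currently caught only through implicit conversion to unsigned; `if (sret < 0 || (size_t) sret >= sizeof(buf))` makes both cases explicit and avoids a sign-compare warning. The new `goto error` path also logs nothing, so a msg() before the jump would help whoever has to diagnose an oversized Digest header.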
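Review bot: In the src/openvpn/socks.c hunk, `ASSERT(sret <= sizeof(to_send))` is off by one compared with the proxy.c check: a return value equal to sizeof(to_send) already means the output did not fit together with its terminator, so the condition should be `sret < sizeof(to_send)`, with the same signed/unsigned care. ASSERT also makes credentials that do not fit an assertion failure rather than a handled error; the context a few lines above already uses `goto cleanup` for the "Authentication not possible." case, and the same path would reject an over-long username/password pair more gracefully.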
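Review bot: In the two src/openvpn/ssl_openssl.c hunks, `char groupname[64]` and `char pkeybuf[64]` shrink the buffers (from 256 and 128) with no comment on why 64 is enough. A smaller source buffer lets the compiler prove that whatever later formats these strings cannot overflow its destination, but it moves any truncation to the point where the buffers are filled: pkeybuf is filled through print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf)), and the code that fills groupname is outside the visible context. Please add a short comment stating the longest group name and key description expected, or check for truncation where they are written.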
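Review bot: In the src/openvpn/tls_crypt.c hunk, the `(uint8_t) metadata_type` cast lets the compiler see that the 4-byte metadata_type_str is large enough, but if metadata_type is declared wider than 8 bits the cast silently wraps out-of-range values instead of rejecting them, and the metadata_type handed to the tls-crypt-v2-verify script through the environment would then be wrong. The declaration is not in the visible context: if it is already a uint8_t, a comment saying the cast is only there for the compiler would do; otherwise a range check before formatting is safer. The return value of openvpn_snprintf is still ignored here, unlike in the proxy.c hunk.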
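Review bot: In the src/openvpnserv/interactive.c hunk at the openvpn_swprintf call, the format now ends in PRIuPTR but svc_pipe is still passed without a cast, so the change is only correct if svc_pipe is declared as a uintptr_t. Its declaration is outside the visible context; if it is a handle or pointer type, pass `(uintptr_t) svc_pipe` so the argument matches the conversion. It is also worth confirming that every supported compiler accepts the narrow PRIuPTR literal concatenated onto the wide L"..." format string.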