From patchwork Mon Jan 13 11:22:26 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4049
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 13 Jan 2025 12:22:26 +0100
Message-ID: <20250113112226.17728-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.45.2
Subject: [Openvpn-devel] [PATCH v1] Fix "uninitialized pointer read" in openvpn_decrypt_aead

From: Frank Lichtenheld

Coverity complains that if we error out in the first
error condition we try to free gc without initializing
it.

While here move the declaration of outlen to the first usage.

Change-Id: I0391f30a1e962ee242e9bcdec4f605bf7e831cca
Signed-off-by: Frank Lichtenheld Acked-by: Antonio Quartulli --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/858 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Antonio Quartulli diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 84ec436..dbd95a8 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -406,17 +406,15 @@ static const char error_prefix[] = "AEAD Decrypt error"; struct packet_id_net pin = { 0 }; struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; + struct gc_arena gc; + + gc_init(&gc); if (cipher_decrypt_verify_fail_exceeded(ctx)) { CRYPT_DROP("Decryption failed verification limit reached."); } - int outlen; - struct gc_arena gc; - - gc_init(&gc); - ASSERT(opt); ASSERT(frame); ASSERT(buf->len > 0); @@ -506,6 +504,8 @@ dmsg(D_PACKET_CONTENT, "DECRYPT AD: %s", format_hex(ad_start, ad_size, 0, &gc)); + int outlen; + /* Decrypt and authenticate packet */ if (!cipher_ctx_update(ctx->cipher, BPTR(&work), &outlen, BPTR(buf), data_len))
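
Review bot: In the first hunk (@@ -406,17 +406,15 @@), ASSERT(opt) still runs only after opt has been used: ctx is set from &opt->key_ctx_bi.decrypt and passed to cipher_decrypt_verify_fail_exceeded(ctx) before the ASSERT block is reached, so the assertion cannot catch a NULL opt on that path. Since this hunk already reorders the prologue so that gc_init(&gc) precedes the first CRYPT_DROP, consider moving the ASSERT(opt) / ASSERT(frame) / ASSERT(buf->len > 0) group above the verification-limit check as well, or note in the commit message why the current order is intended.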
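
Review bot: In the second hunk (@@ -506,6 +504,8 @@), the relocated "int outlen;" is still declared without an initializer and only receives a value through the &outlen out-parameter of cipher_ctx_update(). The visible lines do not show whether the failure branch or later code reads outlen when that call returns false, so for a patch whose subject is an uninitialized read it would be safer to write "int outlen = 0;" at the new location, or to confirm that no error path touches it.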