From patchwork Mon Sep 22 20:43:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4437 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:c08a:b0:72f:f16c:e055 with SMTP id jr10csp459789mab; Mon, 22 Sep 2025 13:43:45 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXgjqsBxKDJgT9IRDZnVKbQJzaTd/t3NDevBZu9h8Wj5hv5qXXn9mKgM9XpT2nm0kkuJO97zAoJ9qo=@openvpn.net X-Google-Smtp-Source: AGHT+IHPzlR5DSegvQJLpzktHsjO1Z6XViRKmoAHu3Urs0CgNKQZF2I9CDBL/2BGGgdtd1vm6U/1 X-Received: by 2002:a05:6870:cd8d:b0:2ff:a27f:9c67 with SMTP id 586e51a60fabf-34c891dbdd4mr96093fac.30.1758573825472; Mon, 22 Sep 2025 13:43:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1758573825; cv=none; d=google.com; s=arc-20240605; b=UAOoAX9EzVuKdxdrh5xMh1SPoLe5NzMQJfcK2j7gCaBVo+Kk9DSZAKiiPGcqjEByHl QtN+zKCTSaPe3Bu3cjpsTie0rCnCwkWtouXFXyvwtDJYmGoQdseEQ1T6kkigQ+JlZp9q vwElqZHrb3zBtPixf4zU8yvJXnldOHiRzlqjDdIiqJtenqHkK0vQzpehdDxwYzySAO8a SMn4nCyrdC81OpLEgboVqqjgaQti2rSgqgbltiGcl1YmQhkodybV3L9j9E2kAuH/AXB0 np66xr9NM+5n5qRKF/spdjMgOT9wyMxe6CqYBgNtAH9rplJ7clAjrEQ2V1zzSt2GmPqw sM6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=ioAgdwI2SHgz6NWW/mY1xlmDcxU3vkjy6T4nR51tgdU=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=CfKaBB4w0/cP6D6mPY5xguIF7KpvjMzOO+VhIofgZeBcOuvHclr0KQrATnvbWZur72 z6G9NV7WyktCrLsxR+g/1+QZm96eEA3Q+PaiF+waGRccQ+2ilER13lgvDpRVdrO+6rqx a15Dl6YKKwz0vokYjmI5WpdtQ3LuTKV7Cux3/Xl81RamfoxJIrLEdH9/FgO/pgTioG3d DIl2qTvqiugSNGWNyRxdn0BFGM9+xe9xEKDGAudaT5m1IfG80F24rgL2DEJMpGCMXRY3 n2jzvwzrl3CA9s1EXTFe5lWB4ZpSSGu6PA9flTVVQBNL7x5cvZbDHjt34CffZPIt1WjC bSZg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=chhKx2tW; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=CrPxT7Ac; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=EwOwbnop; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-78da721def3si401344a34.151.2025.09.22.13.43.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 22 Sep 2025 13:43:45 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=chhKx2tW; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=CrPxT7Ac; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=EwOwbnop; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ioAgdwI2SHgz6NWW/mY1xlmDcxU3vkjy6T4nR51tgdU=; b=chhKx2tWIv49IkAdpa+irzyNTN JggTbwNk7L7UFq7D3H5IV+FmhHbwGQVhmOjFrPBm+oZsY47BjY2xd1ZYMT7ujKfj3ex/FgQHpqSNn BMu/TFKAlXiWrRR6hTmDRb89gwmoSa3F/7xYDwq7l3Nddh/yrIeTeTnEWyZbRChiUqNE=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1v0nNv-0006SB-H0; Mon, 22 Sep 2025 20:43:43 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1v0nNu-0006S5-H3 for openvpn-devel@lists.sourceforge.net; Mon, 22 Sep 2025 20:43:42 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=eQQWXXjPm4a61Mu6N663aYgJapsVPYyAD2NxAlDtxyE=; b=CrPxT7Ac4FQK5Ag1t+ynl+2WxT 0mBajTa+NO+1JVmn54jmp/osDi+I10oGTh6x1DQFllyxW9iLTgKNLcu5WKSFUeCE3dhjc+vn1NZsU Zu6diclVwD3MYBRWcJaJT02vpuXN5IReOoHppAI0BK5KuzWKbhK3V3AFgiHWNwEUb3Oo=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=eQQWXXjPm4a61Mu6N663aYgJapsVPYyAD2NxAlDtxyE=; b=EwOwbnopm7HYa3dFmgBDfbqlgZ rjxkLtuqs7aZn4tcr+Ev87pD1vmbbql10g/ifzMbSGXveTOfGnZi/XoTAv6cIKNBuq8eqruYbUZPI Rvymhq0sbPQYudv11K2xZt1BkSNVWpR4/oGHXUu61skOMqdgmuVY6ELuvgtjI1cRGl8A=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1v0nNt-0004Rg-7U for openvpn-devel@lists.sourceforge.net; Mon, 22 Sep 2025 20:43:42 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 58MKhTZv023478 for ; Mon, 22 Sep 2025 22:43:29 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 58MKhTYC023477 for openvpn-devel@lists.sourceforge.net; Mon, 22 Sep 2025 22:43:29 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 22 Sep 2025 22:43:23 +0200 Message-ID: <20250922204329.23460-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld Fix conversion warnings without actual code changes. Change-Id: If971006b6d3a1a93d87b29627d91dd72faf5ceb2 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/open [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1v0nNt-0004Rg-7U Subject: [Openvpn-devel] [PATCH v9] ssl_verify: Change backend_x509_* functions to size_t for lengths X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1843998307405271580?= X-GMAIL-MSGID: =?utf-8?q?1843998307405271580?= From: Frank Lichtenheld Fix conversion warnings without actual code changes. Change-Id: If971006b6d3a1a93d87b29627d91dd72faf5ceb2 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1138 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1138 This mail reflects revision 9 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h index a0559c9..c6ab9dd 100644 --- a/src/openvpn/ssl_verify_backend.h +++ b/src/openvpn/ssl_verify_backend.h @@ -123,7 +123,7 @@ * * @return \c FAILURE, \c or SUCCESS */ -result_t backend_x509_get_username(char *common_name, int cn_len, char *x509_username_field, +result_t backend_x509_get_username(char *common_name, size_t cn_len, char *x509_username_field, openvpn_x509_cert_t *peer_cert); #ifdef ENABLE_X509ALTUSERNAME diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c index cfcfb25..986c7da 100644 --- a/src/openvpn/ssl_verify_mbedtls.c +++ b/src/openvpn/ssl_verify_mbedtls.c @@ -128,7 +128,7 @@ #endif result_t -backend_x509_get_username(char *cn, int cn_len, char *x509_username_field, mbedtls_x509_crt *cert) +backend_x509_get_username(char *cn, size_t cn_len, char *x509_username_field, mbedtls_x509_crt *cert) { mbedtls_x509_name *name; diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index b79b09b..5bbd72c 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -120,7 +120,7 @@ } static bool -extract_x509_extension(X509 *cert, char *fieldname, char *out, int size) +extract_x509_extension(X509 *cert, char *fieldname, char *out, size_t size) { bool retval = false; char *buf = 0; @@ -195,7 +195,7 @@ * to contain result is grounds for error). */ static result_t -extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, int size) +extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, size_t size) { int lastpos = -1; int tmp = -1; @@ -252,7 +252,7 @@ } result_t -backend_x509_get_username(char *common_name, int cn_len, char *x509_username_field, X509 *peer_cert) +backend_x509_get_username(char *common_name, size_t cn_len, char *x509_username_field, X509 *peer_cert) { #ifdef ENABLE_X509ALTUSERNAME if (strncmp("ext:", x509_username_field, 4) == 0)