From patchwork Sun Nov 9 15:44:31 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4575
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 9 Nov 2025 16:44:31 +0100
Message-ID: <20251109154438.15464-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v7] iservice: make sure directories have trailing \

From: Heiko Hund At least in the case of the config dir this matters, since the value is used to validate input data for the interactive service. A missing \ at the end would allow a string compare to succeed, if the last element of the path to compare starts with the same substring. The trailing slash ensures that the last element of a path must match completely. Change-Id: If28e66fcc3493821f78fd14d432b22b996918e8f Signed-off-by: Heiko Hund Acked-by: Lev Stipakov Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1336 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1336 This mail reflects revision 7 of this Change. Acked-by according to Gerrit (reflected above): Lev Stipakov diff --git a/src/openvpnserv/common.c b/src/openvpnserv/common.c index d25d9c0..b1c89c9 100644 --- a/src/openvpnserv/common.c +++ b/src/openvpnserv/common.c @@ -24,6 +24,8 @@ #include "validate.h" #include "eventmsg.h" +#include + LPCWSTR service_instance = L""; static wchar_t win_sys_path[MAX_PATH]; @@ -54,6 +56,22 @@ } +/** + * Make sure that a dir path ends with a backslash. + * If it doesn't, a \ is added to the end of the path, if there's room in the buffer. + * + * @param dir pointer to the wide dir path string buffer + * @param size maximum number of wide chars the dir path buffer + * @return BOOL to indicate success or failure + */ +static BOOL +ensure_trailing_backslash(PWSTR dir, size_t size) +{ + HRESULT res = PathCchAddBackslash(dir, size); + return (res == S_OK || res == S_FALSE) ? TRUE : FALSE; +} + + DWORD GetOpenvpnSettings(settings_t *s) { 
@@ -90,16 +108,16 @@ goto out; } - swprintf(default_value, _countof(default_value), L"%ls\\config", install_path); + swprintf(default_value, _countof(default_value), L"%ls\\config\\", install_path); error = GetRegString(key, L"config_dir", s->config_dir, sizeof(s->config_dir), default_value); - if (error != ERROR_SUCCESS) + if (error != ERROR_SUCCESS || !ensure_trailing_backslash(s->config_dir, _countof(s->config_dir))) { goto out; } - swprintf(default_value, _countof(default_value), L"%ls\\bin", install_path); + swprintf(default_value, _countof(default_value), L"%ls\\bin\\", install_path); error = GetRegString(key, L"bin_dir", s->bin_dir, sizeof(s->bin_dir), default_value); - if (error != ERROR_SUCCESS) + if (error != ERROR_SUCCESS || !ensure_trailing_backslash(s->bin_dir, _countof(s->bin_dir))) { goto out; } @@ -110,9 +128,9 @@ goto out; } - swprintf(default_value, _countof(default_value), L"%ls\\log", install_path); + swprintf(default_value, _countof(default_value), L"%ls\\log\\", install_path); error = GetRegString(key, L"log_dir", s->log_dir, sizeof(s->log_dir), default_value); - if (error != ERROR_SUCCESS) + if (error != ERROR_SUCCESS || !ensure_trailing_backslash(s->log_dir, _countof(s->log_dir))) { goto out; }
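
Review bot: in the first common.c hunk, the new include and the PathCchAddBackslash() call it supports pull in an API that is resolved from the PathCch import library and exists only on Windows 8 and later, yet the diff touches only src/openvpnserv/common.c. Please confirm that the openvpnserv build (MSVC and MinGW) already links pathcch, or add that to this change so the helper does not fail at link time.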
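
Review bot: in the doc comment of ensure_trailing_backslash(), the @param size line reads "maximum number of wide chars the dir path buffer" and is missing its verb; suggest "maximum number of wide chars the dir path buffer can hold". The comment should also say that S_FALSE is accepted because PathCchAddBackslash() returns it when the path already ends in a backslash, since "res == S_OK || res == S_FALSE" is not self-explanatory otherwise. The "? TRUE : FALSE" on the return can be dropped.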
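
Review bot: in the config_dir, bin_dir and log_dir checks, when GetRegString() succeeds but ensure_trailing_backslash() fails, the code jumps to out with error still equal to ERROR_SUCCESS. The out label is not in the visible context, but if it returns error, GetOpenvpnSettings() reports success with a directory that lacks the trailing backslash, which is the state this patch is meant to rule out. Suggest setting error to a failure code (for example ERROR_INSUFFICIENT_BUFFER) before the goto, or splitting the condition into two separate ifs.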
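
The prefix comparison described in the commit message, as an added example that is not code from the patch or from OpenVPN. `path_has_prefix` is a hypothetical, case-sensitive validation check, `add_trailing_backslash` is a portable stand-in for `PathCchAddBackslash` (it rejects an empty path, which is this example's own choice), and all paths are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <wchar.h>

/* Append '\' to dir if it is missing and fits; size counts wide chars
 * in the buffer, including the terminating null. */
static bool
add_trailing_backslash(wchar_t *dir, size_t size)
{
    size_t len = 0;
    while (len < size && dir[len] != L'\0')
    {
        len++;
    }
    if (len == size || len == 0)   /* unterminated or empty: refuse */
    {
        return false;
    }
    if (dir[len - 1] == L'\\')     /* already ends in a separator */
    {
        return true;
    }
    if (len + 2 > size)            /* no room for '\' plus null */
    {
        return false;
    }
    dir[len] = L'\\';
    dir[len + 1] = L'\0';
    return true;
}

/* Hypothetical validation: accept path only if it starts with dir. */
static bool
path_has_prefix(const wchar_t *dir, const wchar_t *path)
{
    return wcsncmp(dir, path, wcslen(dir)) == 0;
}

/* Returns true when the sibling directory passes the check without the
 * separator and is rejected once the separator has been added. */
static bool
demo(void)
{
    wchar_t dir[32] = L"C:\\OpenVPN\\config";                      /* constructed */
    const wchar_t *inside = L"C:\\OpenVPN\\config\\a.ovpn";        /* constructed */
    const wchar_t *sibling = L"C:\\OpenVPN\\config-other\\a.ovpn"; /* constructed */
    bool accepted_before = path_has_prefix(dir, sibling);
    if (!add_trailing_backslash(dir, 32)) { return false; }
    return accepted_before && !path_has_prefix(dir, sibling) && path_has_prefix(dir, inside);
}

int main(void) { return demo() ? 0 : 1; }
```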