From patchwork Sat Nov 22 16:25:47 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4620
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 22 Nov 2025 17:25:47 +0100
Message-ID: <20251122162553.12254-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v1] tls_crypt: Fix Coverity complaint in tls_crypt_v2_check_client_key_age

From: Frank Lichtenheld

Coverity complained about "overflow_before_widen" because there is
a theoretical overflow that can happen even though the target value
is wide enough. For useful values of max_days this is irrelevant but
Coverity is not wrong, so change the code accordingly.

Change-Id: Ie7308d549182a95b86cd113e4a8cc65ff45ba3d7
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1385
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1385
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 318c939..9026cff 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c 
@@ -539,7 +539,7 @@ int64_t timestamp; memcpy(×tamp, metadata + 1, sizeof(int64_t)); timestamp = (int64_t)ntohll((uint64_t)timestamp); - int64_t max_age_in_seconds = max_days * 24 * 60 * 60; + int64_t max_age_in_seconds = (int64_t)max_days * 24 * 60 * 60; if (now - timestamp > max_age_in_seconds) { msg(M_WARN, "ERROR: Client key is too old.");
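
Review bot: the unchanged comparison "now - timestamp > max_age_in_seconds" directly after the changed line still does signed arithmetic on a timestamp decoded from the key metadata, so an extreme value (for example a large negative timestamp) can overflow the subtraction in the same way the multiplication could. Consider rejecting timestamps that are negative or later than now before the comparison, or restructuring the check so the decoded value is not subtracted. The type of now is not visible in this hunk, so how far this matters depends on that declaration. The cast itself is placed correctly: it applies to max_days before the first multiplication, so the whole product "(int64_t)max_days * 24 * 60 * 60" is evaluated in int64_t rather than being widened after the fact.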