From patchwork Sun Dec  7 21:05:18 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gert Doering <gert@greenie.muc.de>
X-Patchwork-Id: 4658
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:29c3:b0:7b1:439f:bdf with SMTP id g3csp318342max;
        Sun, 7 Dec 2025 13:05:49 -0800 (PST)
X-Forwarded-Encrypted: i=2;
 AJvYcCUbsjfSue5AMr1x/9LAJlooipFc1Hn8cMf6TToFfJ8OT5mDb/d0H0JaPG+Ay+kTQoW4NrEwxFzv0Sg=@openvpn.net
X-Google-Smtp-Source: 
 AGHT+IGOY/QC7sc3VI4tfF7Dh+LCV8LLgJa3m3z5xxIPeAQ6L6KopEwJ9HokW7FvM2XS+exjrCdk
X-Received: by 2002:a05:6870:4412:b0:3ec:9f25:6130 with SMTP id
 586e51a60fabf-3f5420d3d7fmr3099383fac.25.1765141549051;
        Sun, 07 Dec 2025 13:05:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1765141549; cv=none;
        d=google.com; s=arc-20240605;
        b=U0EKE9hiKYqglQ++H4GXoy7ZIZ+GrIosF1Wn2FITMsETOtmMTDJtE7VfObwUl3XuYz
         r5yAlqyyztTsDz4ZgSQgh7r6dvuEtmGuKDSxfiWjIREsB8mVfuWL1L53osvb8FNNNb7K
         mhkxWRLWmpo8myeor/c7Z+Xb89Rn00o+r+UsZQ0x42mUzrdvxPdvxM93kWts9GSGEk/N
         95BHin7Z5qFWOiT24QSzmVw0dbbFqQS7cmqFUv6e3sLGNCQ3knHdyinHg37/lSIj9iP/
         sF9Z+fjsBioVWS08vGVE8o3UgVo8QBaynG5z+KmyGqXAERKkf1/01TLZ+FY65IpXLhnB
         LK8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=errors-to:content-transfer-encoding:list-subscribe:list-help
         :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
         :mime-version:references:in-reply-to:message-id:date:to:from
         :dkim-signature:dkim-signature:dkim-signature;
        bh=phkJLuw/1sag+vOXGaaa86niD3XKgeyyUdnCh9ikIP8=;
        fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
        b=b8ZfSYj52ihkhT3v6NyUOdjoCMcI8owi8WdEoagA6AsMSFdcgX52OuWIfGsRqh4Dlc
         M9KcoG6XIlt7kPtZOCLuacRRS2+QUW6BgUZegPehA/UxfTZprd2DJNTKIl8KPqkic3xB
         4pvwTrCLlr+WLP2VYdJaBy/9wSK4s9V5Nv0hiO/wlPpCCHr8NjrSa72SRJB7DiXIOWx/
         XT+mNsUjHAk0IvqNnAbH1QPtOGsVXwMmpQWHF0mZSCsg18KeyPebH0plP7Qpa5PQkLUD
         /isgRJb5Ii4CYMxW5QTHKaf+pJLdWX60GYxA6ReZNrMaDtsnwi6Fnu/c62KRdQf07onu
         dnBg==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=ZyAlPWOr;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=g0uXqepY;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=b3YTcGHj;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 586e51a60fabf-3f50b50da16si6420495fac.382.2025.12.07.13.05.48
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 07 Dec 2025 13:05:48 -0800 (PST)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=ZyAlPWOr;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=g0uXqepY;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=b3YTcGHj;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
	List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
	Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
	Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=phkJLuw/1sag+vOXGaaa86niD3XKgeyyUdnCh9ikIP8=; b=ZyAlPWOr672awDVjDw+YGlhHss
	qYiacqRjLaZD3Hg0TfXdtHhI681X0cp2p2susS5OH1/Cng+V3fYXEdnuOSMfJZSszKeuAEi+E70K+
	rYaNwvvN+IaTU3721TYAikJtq8B6I5djTPzFyIDcb8cvkLwqkotseHir9XLCaZ6kzM1U=;
Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com)
	by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1vSLww-0000up-3D;
	Sun, 07 Dec 2025 21:05:46 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
 by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <gert@blue4.greenie.muc.de>) id 1vSLwu-0000uh-P8
 for openvpn-devel@lists.sourceforge.net;
 Sun, 07 Dec 2025 21:05:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=FdvQLMrlCRsGB6ShDvXbiMaSrZ0zfIjPz7Z9/tFTKk0=; b=g0uXqepYutyMmBnvg66CUxG6BV
 LOxTGWyMOaD/Ir/dCf318Qt851jo0VblpO6xMdWELBADfiJPSDtQ61jXqKw5ZhMwzxdRWgAvMpd3Z
 tkZ7y2LBFh5NBlCHLkgdWTGa6E/tULvChPDASYhDhsit8PDHkXjC7gvDYKQsDT8Vfnok=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=FdvQLMrlCRsGB6ShDvXbiMaSrZ0zfIjPz7Z9/tFTKk0=; b=b3YTcGHjjq4lqd7STRtHdr3jG7
 GZ95A+taC/S+IspJRbnTHPuitTv4tIabjOd8HoL8bQnRXCxlXAMRKTIBWipsA8g51L8zEV5Pddop8
 57bbhsBTJYBovPScQvjPhhsucpNGoV/38+JgmFXMZDHivly4O016UPRc0bSKTpGDQSvc=;
Received: from [193.149.48.134] (helo=blue.greenie.muc.de)
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1vSLws-00068k-Sf for openvpn-devel@lists.sourceforge.net;
 Sun, 07 Dec 2025 21:05:44 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
 by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5B7L5UvN009971
 for <openvpn-devel@lists.sourceforge.net>; Sun, 7 Dec 2025 22:05:30 +0100
Received: (from gert@localhost)
 by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5B7L5TRJ009970
 for openvpn-devel@lists.sourceforge.net; Sun, 7 Dec 2025 22:05:29 +0100
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Sun,  7 Dec 2025 22:05:18 +0100
Message-ID: <20251207210529.9949-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.51.2
In-Reply-To: 
 <gerrit.1765030148000.I99a6604fdfc682f9609bfe7672aa78285084dcb9@gerrit.openvpn.net>
References: 
 <gerrit.1765030148000.I99a6604fdfc682f9609bfe7672aa78285084dcb9@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software,
 running on the system "sfi-spamd-2.hosts.colo.sdot.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  From: Klemens Nanni <kn@openbsd.org> `get_addr_generic()`
 expects `openvpn_getaddrinfo()` to return a newly allocated struct,
 but getaddrinfo(3)
 failure leaves `*ai = NULL` as-is. On OpenBSD, unlike free(3),
 freegetaddrinfo(3) requires a valid struct,
 thus callers must check the argument to avoid NULL-deref
 or double-free:
 Content analysis details:   (1.3 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Headers-End: 1vSLws-00068k-Sf
Subject: [Openvpn-devel] [PATCH v2] Prevent crash on invalid server-ipv6
 argument
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1850793827447392971?=
X-GMAIL-MSGID: =?utf-8?q?1850885064457030275?=

From: Klemens Nanni <kn@openbsd.org>

`get_addr_generic()` expects `openvpn_getaddrinfo()` to return a newly
allocated struct, but getaddrinfo(3) failure leaves `*ai = NULL` as-is.

On OpenBSD, unlike free(3), freegetaddrinfo(3) requires a valid struct,
thus callers must check the argument to avoid NULL-deref or double-free:

```
$ openvpn --server-ipv6 ''
2025-12-06 11:59:18 RESOLVE: Cannot resolve host address: :[AF_INET6] (no address associated with name)
Segmentation fault (core dumped)
```

Guard against empty `ai`, i.e. failure, like similar code already does:

```
$ ./openvpn --server-ipv6 ''
2025-12-06 12:05:11 RESOLVE: Cannot resolve host address: :[AF_INET6] (no address associated with name)
Options error: error parsing --server-ipv6 parameter
Use --help for more information.
```

Spotted through a configuration typo "server-ipv6 fd00:/64" with 2.6.17,
reproduced with and tested against 2.7rc3 on OpenBSD/amd64 7.8-current.


NB: Standards are unclear wrt. freeaddrinfo(3)'s NULL handling;
    Linux, FreeBSD and illumos do check it and thus not crash.

Change-Id: I99a6604fdfc682f9609bfe7672aa78285084dcb9
Signed-off-by: Klemens Nanni <kn@openbsd.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1418
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1418
This mail reflects revision 2 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 46bedf4..80c2895 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -189,7 +189,10 @@
         *sep = '/';
     }
 out:
-    freeaddrinfo(ai);
+    if (ai)
+    {
+        freeaddrinfo(ai);
+    }
     free(var_host);
 
     return ret;