From patchwork Mon Jan 19 21:49:22 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4723 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:9186:b0:80a:3855:ce6a with SMTP id j6csp3453622maf; Mon, 19 Jan 2026 13:49:39 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCU4U3/Ebue5qt5M8ufK1ljfaB1zS0Bz/jliDLIh/ovQeW5VKWn5FblFe+/drvze6RQiq+ImjvFTNq8=@openvpn.net X-Received: by 2002:a05:6870:a256:b0:404:2e44:18b6 with SMTP id 586e51a60fabf-4044bc7554cmr6125338fac.16.1768859379117; Mon, 19 Jan 2026 13:49:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1768859379; cv=none; d=google.com; s=arc-20240605; b=D1PgPG2infa8Km1+kTCipTfIeN2onpHLrVqgc4+751LR2mdQXYWmO7EQf2J9a4pWaO X5m3qmWdNycMA0FFf9VFJD48XHrvS35OUQ4Vy90asSwfoFqPB+99PyNcHCGMcx3FY7nE /96/Uw7D6nP/E+/1ztNgBwMNdWYPJOPkII72QcXOPXqNm1lGhwfZIyhv8Yhf6jbVZBV1 IaX6VK8tEmG1QjguQruYtDo14UO3qPiO6RXH5J4W6V+/hdXpFJkPKuf/6JomMg3L/vpd mJ2r1n3DLQhRzLQ6rTU5pmUbcSMItW10RPteZ84RvLlsTtzBc6a74nFwNUmhCqpdLWEW Gkuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=41kGLh/TuF75jPC+7iJtU7ItnVOQyamDfqT/6hEk9WQ=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=AE/PGux3u8pA6yTXjKHt3rynGb6viLVEViUh35zi5dvZyRwazelSRwXbPgonbAhXCc 0ZBnT9pk55KBtULxFt7xOsQvybsl5eql1beOcugNI+oHhqTgwbuqnW0eJL8zqIMx1nUA srj3FHDh6y+MsCgKyChEw3cnF+csWRGMe6SN97G88EyBLhLsoqkHB445YsCASTEkP/JX geFpgZ/oZPl2fSMsHwM2W8qfoMozuOaJMJ4svGs2H96Wl8eGvORIC8ZEB3muSvS6s5wx QxxJQpp66gcn5qvBaiLpH29lrA29/zkAk5WBZWKW5NCtuuD73sfMM149xKTDqK4NYo6c DGyw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=NyrcRYTk; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=WwHVnKSt; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=BH1dYaaQ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-4044bfbba20si7078704fac.457.2026.01.19.13.49.38 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Jan 2026 13:49:39 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=NyrcRYTk; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=WwHVnKSt; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=BH1dYaaQ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=41kGLh/TuF75jPC+7iJtU7ItnVOQyamDfqT/6hEk9WQ=; b=NyrcRYTkuHNWn5CyAUNWfWufgm H7MQMrSUmKtnMg48mw4k4qWL9Cn29ADAPemabhIkDFFVIW/Q4SAgo3dSJc6KcjvwcOpXkwUQ59dxg FG/VZMQCjAHtdjcd8gkFY73/Db0qp4UvvR+rYQC+/48AwHTYrmeh7Axtc1q4q4s0Qzjs=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vhx7x-00027K-AY; Mon, 19 Jan 2026 21:49:37 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vhx7v-00027E-J1 for openvpn-devel@lists.sourceforge.net; Mon, 19 Jan 2026 21:49:35 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=490AvBBg+Uco/C0nm/BTa69jNZ7gc67eqEVRjwDDDqc=; b=WwHVnKSt3IigMbzburUPpQNGku aaZ+dZ3POxF0La/YhwvJisz0VTo7F/7CHFKY69255ugCvrba1eFjFiR1HUZlqcb8RqXi14pd9isC6 F2OQsesgq+eeqcVBlFXF+Ynqhy8hUgMrfafsUH+vej1TWDQbrxbMwWXXwNyeRYTHEWv8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=490AvBBg+Uco/C0nm/BTa69jNZ7gc67eqEVRjwDDDqc=; b=BH1dYaaQuiI+UQsJg9Nnh99KSc HJqsEWc61Ahsl1+Okhue/sx4rirJsobWYTpmu5Wncosur8RRTByrgAHQg5wD//2L4ZCF3KKXbRKRj N4DFFlgzu0KSYsl00aCW2UsTFceEMQ1keY7Z5cuRt68imQCv9SNFrhO+FCExbyWA6iv8=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vhx7u-00063v-GT for openvpn-devel@lists.sourceforge.net; Mon, 19 Jan 2026 21:49:35 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 60JLnSdN027789 for ; Mon, 19 Jan 2026 22:49:28 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 60JLnSHL027788 for openvpn-devel@lists.sourceforge.net; Mon, 19 Jan 2026 22:49:28 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 19 Jan 2026 22:49:22 +0100 Message-ID: <20260119214927.27766-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.51.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld Mostly so that we can actually test it. Since that code does some in-place conversions a test would be good. Change-Id: Ib517457015b754d59aeb70827c4795aa6154728c Signed-off-by: Frank Lichtenheld Acked-by: Heiko Hund Gerrit URL: https://gerrit.openvpn.net/c/openvpn/ [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vhx7u-00063v-GT Subject: [Openvpn-devel] [PATCH v5] openvpnserv: Factor out the string conversion from GetItfDnsDomains X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1854783492402813863?= X-GMAIL-MSGID: =?utf-8?q?1854783492402813863?= From: Frank Lichtenheld Mostly so that we can actually test it. Since that code does some in-place conversions a test would be good. Change-Id: Ib517457015b754d59aeb70827c4795aa6154728c Signed-off-by: Frank Lichtenheld Acked-by: Heiko Hund Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1458 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1458 This mail reflects revision 5 of this Change. Acked-by according to Gerrit (reflected above): Heiko Hund diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index b53207bc..5c00eef 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -2143,6 +2143,106 @@ } /** + * Convert interface specific domain suffix(es) from comma-separated + * string to MULTI_SZ string. + * + * The \p domains paramter will be set to a MULTI_SZ domains string. + * In case of an error \p size is set to 0 and the contents of \p domains + * are invalid. + * Note that domains are deleted from the string if they match a search domain. + * + * @param[in] search_domains optional list of search domains + * @param[in,out] domains buffer that contains the input comma-separated + * string and will contain the MULTI_SZ output string + * @param[in,out] size pointer to size of the input string in bytes. Will be + * set to the size of the string returned, including + * the terminating zeros or 0. + * @param[in] buf_size size of the \p domains buffer + * + * @return LSTATUS NO_ERROR if the domain suffix(es) were read successfully, + * ERROR_FILE_NOT_FOUND if no domain was found for the interface, + * ERROR_MORE_DATA if the list did not fit into the buffer + */ +static LSTATUS +ConvertItfDnsDomains(PCWSTR search_domains, PWSTR domains, PDWORD size, const DWORD buf_size) +{ + const DWORD glyph_size = sizeof(*domains); + const DWORD buf_len = buf_size / glyph_size; + + /* + * Found domain(s), now convert them: + * - prefix each domain with a dot + * - convert comma separated list to MULTI_SZ + */ + PWCHAR pos = domains; + while (TRUE) + { + /* Terminate the domain at the next comma */ + PWCHAR comma = wcschr(pos, ','); + if (comma) + { + *comma = '\0'; + } + + DWORD domain_len = (DWORD)wcslen(pos); + DWORD domain_size = domain_len * glyph_size; + DWORD converted_size = (DWORD)(pos - domains) * glyph_size; + + /* Ignore itf domains which match a pushed search domain */ + if (ListContainsDomain(search_domains, pos, domain_len)) + { + if (comma) + { + /* Overwrite the ignored domain with remaining one(s) */ + memmove(pos, comma + 1, buf_size - converted_size); + *size -= domain_size + glyph_size; + continue; + } + else + { + /* This was the last domain */ + *pos = '\0'; + *size -= domain_size; + return wcslen(domains) ? NO_ERROR : ERROR_FILE_NOT_FOUND; + } + } + + /* Add space for the leading dot */ + domain_len += 1; + domain_size += glyph_size; + + /* Space for the terminating zeros */ + const DWORD extra_size = 2 * glyph_size; + + /* Check for enough space to convert this domain */ + if (converted_size + domain_size + extra_size > buf_size) + { + /* Domain doesn't fit, bad luck if it's the first one */ + *pos = '\0'; + *size = converted_size == 0 ? 0 : converted_size + glyph_size; + return ERROR_MORE_DATA; + } + + /* Prefix domain at pos with the dot */ + memmove(pos + 1, pos, buf_size - converted_size - glyph_size); + domains[buf_len - 1] = '\0'; + *pos = '.'; + *size += glyph_size; + + if (!comma) + { + /* Conversion is done */ + *(pos + domain_len) = '\0'; + *size += glyph_size; + return NO_ERROR; + } + + /* Comma pos is now +1 after adding leading dot */ + pos = comma + 2; + } +} + +/** * Return interface specific domain suffix(es) * * The \p domains paramter will be set to a MULTI_SZ domains string. @@ -2174,7 +2274,6 @@ LSTATUS err = ERROR_FILE_NOT_FOUND; const DWORD buf_size = *size; const DWORD glyph_size = sizeof(*domains); - const DWORD buf_len = buf_size / glyph_size; PWSTR values[] = { L"SearchList", L"Domain", L"DhcpDomainSearchList", L"DhcpDomain", NULL }; for (int i = 0; values[i]; i++) @@ -2183,77 +2282,7 @@ err = RegGetValueW(itf, NULL, values[i], RRF_RT_REG_SZ, NULL, (PBYTE)domains, size); if (!err && *size > glyph_size && domains[(*size / glyph_size) - 1] == '\0' && wcschr(domains, '.')) { - /* - * Found domain(s), now convert them: - * - prefix each domain with a dot - * - convert comma separated list to MULTI_SZ - */ - PWCHAR pos = domains; - while (TRUE) - { - /* Terminate the domain at the next comma */ - PWCHAR comma = wcschr(pos, ','); - if (comma) - { - *comma = '\0'; - } - - DWORD domain_len = (DWORD)wcslen(pos); - DWORD domain_size = domain_len * glyph_size; - DWORD converted_size = (DWORD)(pos - domains) * glyph_size; - - /* Ignore itf domains which match a pushed search domain */ - if (ListContainsDomain(search_domains, pos, domain_len)) - { - if (comma) - { - /* Overwrite the ignored domain with remaining one(s) */ - memmove(pos, comma + 1, buf_size - converted_size); - *size -= domain_size + glyph_size; - continue; - } - else - { - /* This was the last domain */ - *pos = '\0'; - *size -= domain_size; - return wcslen(domains) ? NO_ERROR : ERROR_FILE_NOT_FOUND; - } - } - - /* Add space for the leading dot */ - domain_len += 1; - domain_size += glyph_size; - - /* Space for the terminating zeros */ - const DWORD extra_size = 2 * glyph_size; - - /* Check for enough space to convert this domain */ - if (converted_size + domain_size + extra_size > buf_size) - { - /* Domain doesn't fit, bad luck if it's the first one */ - *pos = '\0'; - *size = converted_size == 0 ? 0 : converted_size + glyph_size; - return ERROR_MORE_DATA; - } - - /* Prefix domain at pos with the dot */ - memmove(pos + 1, pos, buf_size - converted_size - glyph_size); - domains[buf_len - 1] = '\0'; - *pos = '.'; - *size += glyph_size; - - if (!comma) - { - /* Conversion is done */ - *(pos + domain_len) = '\0'; - *size += glyph_size; - return NO_ERROR; - } - - /* Comma pos is now +1 after adding leading dot */ - pos = comma + 2; - } + return ConvertItfDnsDomains(search_domains, domains, size, buf_size); } }