From patchwork Sun Mar 15 23:05:29 2026
X-Patchwork-Submitter: luca.boccassi@gmail.com
X-Patchwork-Id: 4833
From: luca.boccassi@gmail.com
To: openvpn-devel@lists.sourceforge.net
Cc: Luca Boccassi
Date: Sun, 15 Mar 2026 23:05:29 +0000
Message-ID: <20260315230620.1594780-2-luca.boccassi@gmail.com>
In-Reply-To: <20260315230620.1594780-1-luca.boccassi@gmail.com>
References: <20260315184337.1541272-1-luca.boccassi@gmail.com> <20260315230620.1594780-1-luca.boccassi@gmail.com>
Subject: [Openvpn-devel] [PATCH v2 1/3] Increase TLS_CHANNEL_BUF_SIZE from 2048 to 8192

From: Luca Boccassi

When authenticating via a JWT token 2048 bytes are not enough, which breaks the auth process. In my local case the token is ~2100 bytes. Bump the maximum hardcoded size from 2k to 8k to leave some headroom.

Signed-off-by: Luca Boccassi
---
 src/openvpn/common.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openvpn/common.h b/src/openvpn/common.h index aa7b7217..fbe6239a 100644 --- a/src/openvpn/common.h +++ b/src/openvpn/common.h 
@@ -67,7 +67,7 @@ typedef unsigned long ptr_type; * maximum size of a single TLS message (cleartext). * This parameter must be >= PUSH_BUNDLE_SIZE */ -#define TLS_CHANNEL_BUF_SIZE 2048 +#define TLS_CHANNEL_BUF_SIZE 8192 /* TLS control buffer minimum size *
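
Review bot: The comment above TLS_CHANNEL_BUF_SIZE still states only the ">= PUSH_BUNDLE_SIZE" constraint, and nothing in the hunk relates the new 8192 to the credential size it is being raised for. With USER_PASS_LEN at 4096 for both username and password (patch 2/3), two maximum-length fields already add up to 8192 bytes, so if both are carried in one cleartext TLS message there is no room left for framing. Suggest documenting the intended relationship in this comment or adding a compile-time check next to the define. Since the comment describes this as the maximum size of a single cleartext TLS message and the limit is now four times larger, the commit message should also say whether a peer can make the receiver buffer a message of this size before authentication completes.
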
From patchwork Sun Mar 15 23:05:30 2026
X-Patchwork-Submitter: luca.boccassi@gmail.com
X-Patchwork-Id: 4835
From: luca.boccassi@gmail.com
To: openvpn-devel@lists.sourceforge.net
Cc: Luca Boccassi
Date: Sun, 15 Mar 2026 23:05:30 +0000
Message-ID: <20260315230620.1594780-3-luca.boccassi@gmail.com>
In-Reply-To: <20260315230620.1594780-1-luca.boccassi@gmail.com>
References: <20260315184337.1541272-1-luca.boccassi@gmail.com> <20260315230620.1594780-1-luca.boccassi@gmail.com>
Subject: [Openvpn-devel] [PATCH v2 2/3] Unconditionally set USER_PASS_LEN to 4096

From: Luca Boccassi

When authenticating via a JWT token 128 bytes are not enough, which breaks the auth process. Currently the hardcoded password limit is increased to 4k when PKCS11 is enabled, for similar reasons. Remove the compile time conditional and always set the limit to 4k.

Signed-off-by: Luca Boccassi
---
 src/openvpn/misc.h | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index e9cfadba..2c495d41 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h
@@ -58,11 +58,7 @@ struct user_pass bool protected; /* max length of username/password */ -#ifdef ENABLE_PKCS11 #define USER_PASS_LEN 4096 -#else -#define USER_PASS_LEN 128 -#endif /* Note that username and password are expected to be null-terminated */ char username[USER_PASS_LEN]; char password[USER_PASS_LEN];
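
Review bot: The growth of struct user_pass is not called out: with the #else branch gone, username[USER_PASS_LEN] and password[USER_PASS_LEN] go from 128 to 4096 bytes each in builds without ENABLE_PKCS11, so every instance takes 8 KiB inline instead of 256 bytes. Worth checking callers that place a struct user_pass on the stack or copy it by value, and confirming that the code which wipes credentials clears the full arrays. The motivation in the commit message is a long token in the password field only; if usernames do not need 4 KiB, separate limits for the two fields would keep the increase smaller. The comment "max length of username/password" could also state that the value includes the terminating NUL, as the note below it implies.
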
TvVqfeGNUVQS3u+aArfmfKgY1CTM5ldRYm5s7tVOdifz5dBSasChSD+u1/PfJhr8sXC2 Ra7kV2P3YR458vNj0dMqrjuXhzOjyjv0/0zfc93o5LVSY2g+Edn8Hl4qJL0A1XKZAiw3 f2MbK8ekkEF+As3OgGIlfQC58+uH8NBRtV/5piaMRUnsmkyyPfDW7sfM+VsZ0l6NzogG mDRw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=RhjYCmkF; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=kT8AFg4i; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Kc7TH4jo; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=abeZp9uz; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-67bf3e2a8e1si1646504eaf.77.2026.03.15.16.06.47 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 15 Mar 2026 16:06:47 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=RhjYCmkF; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=kT8AFg4i; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Kc7TH4jo; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=abeZp9uz; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=neutral 
header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Rep6ksANQnwkZcRoz88Y+ozInpeiZUScBb9JHkL24FE=; b=RhjYCmkFAvWeGDXKS+U8M1rh3k NnjX7mh615Y26yZKwNYvrmcQ9Rc3q/BRdfitsysts1/TFxVqEjLoC6dt+HTqTD+VFLB/4aLfR/xaq jsxtxncT4hDI/Nwf0SFWzgylKbbRNkvsy5jcJ5iGG4ysUy8/NKprvKgKtmONaioneN/4=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1w1uXi-0000je-Fg; Sun, 15 Mar 2026 23:06:43 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1w1uXh-0000jR-Cy for openvpn-devel@lists.sourceforge.net; Sun, 15 Mar 2026 23:06:42 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=gHxvvjzLZ7Ps1MX5y7X1zHoREUU7u/SYZkXhxdEBjcQ=; b=kT8AFg4iXU3cPnnp2onKxvzI2v iDauMuzXPLFUCVUdtm+ZlQ1kd8rDD+64ZKkbJEfoWsuZjRhqZBcBIkVxtosKa++MNFK71a1NeiGst iWBJxLK9LNpiYHK/GftbWK0xf8/eV3tG6NdxzqZj+LTVZLdBeo7z7R4I2TcHIn7GZ7+Y=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: 
Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=gHxvvjzLZ7Ps1MX5y7X1zHoREUU7u/SYZkXhxdEBjcQ=; b=Kc7TH4joj1xVOGNclvpgLIWFFh lg8FfE9K9GRNy7G6tIyNPjimiM1PJWyMamIMTgNQVqreMhD6aCf5gcEBWjkvERtlLGa+/esoiZChG fcsfbvvQqKifV4UragYg02E6WVlDjfqkRjY90sUoTLnyL/oCZu4jyqgpC3vkladLOvS8=; Received: from mail-wr1-f53.google.com ([209.85.221.53]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1w1uXh-00033U-Kt for openvpn-devel@lists.sourceforge.net; Sun, 15 Mar 2026 23:06:42 +0000 Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-439b73f4ab4so4476974f8f.1 for ; Sun, 15 Mar 2026 16:06:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773615990; x=1774220790; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gHxvvjzLZ7Ps1MX5y7X1zHoREUU7u/SYZkXhxdEBjcQ=; b=abeZp9uzP4Aj4rpvArd0/JHt2LRsOUy0OsyJ8RosPGD9njQOYFcMBQ/1Wu+2ghhOwQ V0CDhVfUE4Mv15NP/bwKzKRl86J35+qesPyJo1BP38WbU5PN7nbHEVLuOYBN+5qedYje puZgmuSuflvr+nCYB+WI4EWGCZYu+awR+7eOg0j4s96zyN0y3O+KtUC2hMAdKunvi7l4 VRATVCds5IcZenT6upvaBCmcO89rtPnOTldlrS9VMLHEF0WujZ7MggRCsMBLG4I52/aa vMV9eJ31BEOnkUiznUfOzfnfVxMe/3B24ijcF8Fa6Vt7SbBnqLl25iOyYiN0ctmIfljP aOKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1773615990; x=1774220790; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=gHxvvjzLZ7Ps1MX5y7X1zHoREUU7u/SYZkXhxdEBjcQ=; b=dnrH4oAfX3baWzRt0L5SxcKKKktXACtTp5tf78mR6LlyI6VN/t56Nh51wfWlxzRdZV 
UH7ZlU7I4pY7iBqFI/XZ2+MTAllJSNHwKanmbp/o0LU/fqPrDf8yB903PnTLlo0LKepO HwrzRAl7MPf4jQu5QvUasUGKgfRjL4mFtfB0ZOrQKr6+zCbBYECHbEi82BG7hgGdvU8d 9CIeIhCFYiz//liinwU8qS/yP9e46DgdTQ4IK8EeikMi6eCUo3T7cQhifNmoYZrPwarY XNGCTau8YNHVi+nkoptoaX8s2MK4UQmUMz4Lx7FdqaWNihLJ109On249sgIBNlXCdybg 1IuQ== X-Gm-Message-State: AOJu0YxKGKqYcUEPdMMqj+toQy0ezCId3Sha7n3+7uaY0UlE6Zy0w1U1 0cuQMhKlzEqnXoLI6BOmPnLWV7U+XRkHMJxtMVz5v4aaBx7rtNdeRcgpOykEcg== X-Gm-Gg: ATEYQzzOP53tsErNivZ/Sypn6LkhxOxRmlykdfiVN4iXAGw4/muFkfoJbTHxhEBXIsk B9GliBQTa843HzR9H9tZLvR6cf2flSn43TV6R3Tn75WU/8TYf6Pbgbd1/5El4kPppN6SX3L1Xx6 wCD4zxDhCIM67oCETeqXyYemlCnYyaQXDiTNEAvKlxvPjWVfUgRIURVqJFKDDlTZZZzw0dC5j2Q nFlfaVcmGItf7s4bQu4XBWgN2B0ihkHWCgXause5+mKkRDAj5vPpOUOLDKyu8wrCp0gKvKaYtRk BOCr5DaJ/DUsiRbRlRvaxwI9N4tv9b8gumQ/VYYC4GDbSsGwWgA6iCuoymzasZrNm2jpCJAGsKR sNWCyppB5J2EBN/6P+hZBpka5dglcaEH4He1agfQWBB74mIrWfs2Kk58Dw7h/bGGShzaoStogBX 85Xj9/lnxyc/SPlKUCn4+qfcs/pWuK X-Received: by 2002:a05:6000:2010:b0:439:b60a:b3ed with SMTP id ffacd0b85a97d-43a04d83c49mr20988427f8f.9.1773615989729; Sun, 15 Mar 2026 16:06:29 -0700 (PDT) Received: from localhost ([2a01:4b00:d036:ae00:21cd:def0:a01d:d2aa]) by smtp.gmail.com with UTF8SMTPSA id ffacd0b85a97d-439fe20b544sm38034074f8f.20.2026.03.15.16.06.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 15 Mar 2026 16:06:29 -0700 (PDT) 
From: luca.boccassi@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 15 Mar 2026 23:05:31 +0000
Message-ID: <20260315230620.1594780-4-luca.boccassi@gmail.com>
In-Reply-To: <20260315230620.1594780-1-luca.boccassi@gmail.com>
References: <20260315184337.1541272-1-luca.boccassi@gmail.com> <20260315230620.1594780-1-luca.boccassi@gmail.com>
Subject: [Openvpn-devel] [PATCH v2 3/3] Ensure the management channel can take passwords up to the max length
Cc: Luca Boccassi

From: Luca Boccassi

These hardcoded limits are different than the password size limit. Use the macro to ensure a password can always fit via the management channel, otherwise when long passwords are used (e.g.: tokens) they will be silently dropped.

Signed-off-by: Luca Boccassi
--- src/openvpn/manage.c | 4 ++-- src/openvpn/options.h | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index df72f15f..5cb25107 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c
@@ -2653,9 +2653,9 @@ man_connection_init(struct management *man) /* * Allocate helper objects for command line input and - * command output from/to the socket. + * command output from/to the socket. Ensure a password cat fit. */ - man->connection.in = command_line_new(1024); + man->connection.in = command_line_new(USER_PASS_LEN); man->connection.out = buffer_list_new(); /* diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 3d8b5059..4fafdc52 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -51,10 +51,10 @@ #define MAX_PARMS 16 /* - * Max size of options line and parameter. + * Max size of options line and parameter. Ensure a password can fit. */ -#define OPTION_PARM_SIZE 256 -#define OPTION_LINE_SIZE 256 +#define OPTION_PARM_SIZE USER_PASS_LEN +#define OPTION_LINE_SIZE USER_PASS_LEN extern const char title_string[];
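Review bot: in the manage.c hunk, command_line_new(USER_PASS_LEN) sizes the buffer for a whole management command line (the comment itself calls it "command line input"), not for the password alone, so a password of exactly USER_PASS_LEN still cannot fit once the command keyword, any quoting and the line terminator are added. Consider USER_PASS_LEN plus explicit headroom, or a dedicated macro for the management line length, so that the commit message's "can always fit" holds at the boundary. The new comment also has a typo: "cat fit" should read "can fit".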
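Review bot: in the options.h hunk, OPTION_LINE_SIZE and OPTION_PARM_SIZE are now both USER_PASS_LEN, so a line carrying a maximum-length parameter has no room left for the option name and separator; the line size should be larger than the parameter size. The hunk adds no #include, so every file that uses these two macros must already see the definition of USER_PASS_LEN, which is worth stating or fixing in options.h itself. The value of USER_PASS_LEN is not visible in this patch, so please confirm it is never below the previous 256 in any build configuration; otherwise this change shrinks the accepted option length instead of growing it.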