From patchwork Fri Jun 12 11:33:02 2026
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 5027
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Jun 2026 13:33:02 +0200
Message-ID: <20260612113309.29903-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v12] push: Fix conversion issues related to timeout in send_auth_pending_messages

From: Frank Lichtenheld Add additional checking to make sure that the required casts are safe. Change-Id: Icc31b7fa0da86220df45552aecc15dc6c769cd54 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1293 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1293 This mail reflects revision 12 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 564ce86..e391147 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -429,11 +429,6 @@ gc_free(&gc); } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#endif - bool send_auth_pending_messages(struct tls_multi *tls_multi, struct tls_session *session, const char *extra, unsigned int timeout) @@ -449,7 +444,12 @@ /* Calculate the maximum timeout and subtract the time we already waited */ unsigned int max_timeout = max_uint(tls_multi->opt.renegotiate_seconds / 2, tls_multi->opt.handshake_window); - max_timeout = max_timeout - (now - ks->initial); + time_t time_elapsed = now - ks->initial; + if (time_elapsed < 0 || time_elapsed >= (time_t)max_timeout) + { + return false; + } + max_timeout -= (unsigned int)time_elapsed; timeout = min_uint(max_timeout, timeout); struct gc_arena gc = gc_new(); @@ -734,6 +734,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static bool send_push_options(struct context *c, struct buffer *buf, struct push_list *push_list, int safe_cap, bool *push_sent, bool *multi_push) diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index 0804d2d..31ecf13 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c 
@@ -922,8 +922,9 @@ buf_chomp(iv_buf); buf_chomp(extra_buf); + errno = 0; long timeout = strtol(BSTR(timeout_buf), NULL, 10); - if (timeout <= 0) + if (timeout <= 0 || (unsigned long)timeout > UINT_MAX || errno) { msg(M_WARN, "could not parse auth pending file timeout"); buffer_list_free(lines);
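Review bot: In the send_auth_pending_messages hunk of src/openvpn/push.c, the new early `return false` taken when `time_elapsed < 0 || time_elapsed >= (time_t)max_timeout` is silent, and it is a behaviour change that the commit message does not mention. With the removed line, `max_timeout - (now - ks->initial)` was stored back into an unsigned int, so (assuming `now` and `ks->initial` are time_t, as the new declaration implies) an elapsed time past the limit wrapped to a large value and min_uint() then kept the caller's timeout; now the function returns before the message is built. Suggest a msg(M_WARN, ...) before the return, as the ssl_verify.c hunk does for its parse failure, plus a sentence in the commit message, so an operator can tell an exhausted window or a clock that stepped backwards from a send failure. The return sits before gc_new(), so nothing needs freeing on that path.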
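Review bot: Moving the `#pragma GCC diagnostic ignored "-Wconversion"` block in src/openvpn/push.c from above send_auth_pending_messages to above send_push_options re-enables the warning for everything between the two positions (roughly old lines 429 to 734), while the patch only shows a fix inside send_auth_pending_messages. Please confirm the other functions in that range build clean with -Wconversion on both GCC and clang. The matching `#pragma GCC diagnostic pop` is outside the visible hunks, so it is worth checking that it still follows the new push, and a one-line comment at the new push naming what in send_push_options still needs the suppression would help the next cleanup.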
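Review bot: In the src/openvpn/ssl_verify.c hunk, strtol() is still called with a NULL end pointer, so a timeout line with trailing characters after the digits (for example "30abc") parses as 30 and passes the new range check. Suggest passing an end pointer and rejecting the value unless parsing consumed the whole string, alongside the new `errno` test. Two smaller points: where long is 32 bits the comparison `(unsigned long)timeout > UINT_MAX` can never be true and some compilers flag it as always false, and the hunk adds no #include, so `errno` and `UINT_MAX` rely on <errno.h> and <limits.h> already being reachable from this file.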