git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Lev Stipakov <lev@openvpn.net>
	Fri, 5 Jun 2026 14:18:02 +0000 (16:18 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Fri, 5 Jun 2026 18:03:47 +0000 (20:03 +0200)
commit	71b271d9a168b7c43f3b78bdc4768edadfa25e86
tree	4a439e5c4f44dc008bca33828859f513b4a60cc5	tree \| snapshot
parent	2b8afc6c685f4e451fd0fa5aa37f18147520dfc1	commit \| diff

socket: assert buffer length before reading prepended sockaddr family

read_sockaddr_from_packet() inspected sa->sa_family before any check
on buf->len, so a short delivery from the dco-win driver would have
produced a garbage peer address from uninitialized buffer memory.
The driver always prepends a full sockaddr and validates the family
before writing, so reaching any of the size/family checks would mean
something is severely wrong on the driver side - assert the three
preconditions instead of M_FATAL'ing on them.

GitHub: https://github.com/OpenVPN/openvpn-private-issues/issues/105

Change-Id: I2ce954aa5b74002be5e38d53783435736625bb2f
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1706
Message-Id: <20260605141808.14028-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg37065.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>