]> git.ipfire.org Git - thirdparty/openvpn.git/commitdiff
projects / thirdparty / openvpn.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7062794)
interactive.c: add the upper bound for startupdata size
authorLev Stipakov <lev@openvpn.net>
Thu, 30 Oct 2025 15:04:26 +0000 (16:04 +0100)
committerGert Doering <gert@greenie.muc.de>
Thu, 30 Oct 2025 16:15:28 +0000 (17:15 +0100)
The size is passed from the limited-privileges process.
This check ensures that the service won't allocate
more than needed.

Reported-by: Joshua Rogers <contact@joshua.hu>
Found-by: ZeroPath (https://zeropath.com/)
Change-Id: I75ebf01641db4dcd07041e3b8b3fa8a632d07595
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1331
Message-Id: <20251030150432.4689-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34039.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpnserv/interactive.c patch | blob | blame | history

diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index ce0d4dd1550b7a08613976f7d52f01630fd16713..cb3126781e2de66bfbf68f062c8bfd71c126fbe2 100644 (file)
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
@@ -446,9 +446,9 @@ GetStartupData(HANDLE pipe, STARTUP_DATA *sud)
     }
 
     size = bytes / sizeof(*data);
-    if (size == 0)
+    if ((size == 0) || (size > 4096)) /* our startup data is 1024 wchars at the moment */
     {
-        MsgToEventLog(M_SYSERR, L"malformed startup data: 1 byte received");
+        MsgToEventLog(M_SYSERR, L"malformed startup data: %lu bytes received", size);
         ReturnError(pipe, ERROR_STARTUP_DATA, L"GetStartupData", 1, &exit_event);
         goto err;
     }
Mirror of https://github.com/OpenVPN/openvpn.git