Fix check_session_buf_not_used using wrong index

The inner loop used i instead of j when iterating through the buffers.

Since i is always between 0 and 2 and ks->send_reliable->size is
(when it is defined) always 6 (TLS_RELIABLE_N_SEND_BUFFERS) this does not
cause an index of out bounds.  So while the check was not doing anything
really useful with i instead of j, at least it was not crashing or
anything similar.

Noticed-By: Jon Williams (braindead-bf) on Github issue #449
Change-Id: Ia3d5b4946138df322ebcd9e9e77d04328dacbc5d
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20231128104359.62967-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27576.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 59551b93cdb55397d63b2fe58ad99612821c0faf)

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 18cd21f859f8d0822bd7590f6d61bf5be404e75c..02e031eadd0c38b99827615def7d56d00b197c0d 100644 (file)
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -3210,7 +3210,7 @@ check_session_buf_not_used(struct buffer *to_link, struct tls_session *session)
 
         for (int j = 0; j < ks->send_reliable->size; j++)
         {
-            if (ks->send_reliable->array[i].buf.data == dataptr)
+            if (ks->send_reliable->array[j].buf.data == dataptr)
             {
                 msg(M_INFO, "Warning buffer of freed TLS session is still in"
                     " use (session->key[%d].send_reliable->array[%d])",