When openvpn_snprintf is replaced by snprintf the GCC/MSVC compiler
will perform additional checks that the result is not truncated.
This warning can be avoid by either explicitly checking the return value
of snprintf (proxy) or ensuring that it is never truncated(tls crypt)
Change-Id: If23988a05dd53a519c5e57f2aa3b2d10bd29df1d
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <
20240326104101.531291-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28475.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
}
/* send digest response */
- openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s",
- username,
- realm,
- nonce,
- uri,
- qop,
- nonce_count,
- cnonce,
- response,
- opaque_kv
- );
+ int sret = openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s",
+ username,
+ realm,
+ nonce,
+ uri,
+ qop,
+ nonce_count,
+ cnonce,
+ response,
+ opaque_kv
+ );
+ if (sret >= sizeof(buf))
+ {
+ goto error;
+ }
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf))
{
"Authentication not possible.");
goto cleanup;
}
- openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", (int) strlen(creds.username),
- creds.username, (int) strlen(creds.password), creds.password);
+ int sret = openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s",
+ (int) strlen(creds.username), creds.username,
+ (int) strlen(creds.password), creds.password);
+ ASSERT(sret <= sizeof(to_send));
+
size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL);
if (size != strlen(to_send))
#endif
#ifndef OPENSSL_NO_EC
- char groupname[256];
+ char groupname[64];
if (is_ec)
{
size_t len;
print_cert_details(X509 *cert, char *buf, size_t buflen)
{
EVP_PKEY *pkey = X509_get_pubkey(cert);
- char pkeybuf[128] = { 0 };
+ char pkeybuf[64] = { 0 };
print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
char sig[128] = { 0 };
char metadata_type_str[4] = { 0 }; /* Max value: 255 */
openvpn_snprintf(metadata_type_str, sizeof(metadata_type_str),
- "%i", metadata_type);
+ "%i", (uint8_t) metadata_type);
struct env_set *es = env_set_create(NULL);
setenv_str(es, "script_type", "tls-crypt-v2-verify");
setenv_str(es, "metadata_type", metadata_type_str);
#include <sddl.h>
#include <shellapi.h>
#include <mstcpip.h>
+#include <inttypes.h>
#include <versionhelpers.h>
ReturnLastError(pipe, L"malloc");
goto out;
}
- openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %lu",
+ openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR,
sud.options, svc_pipe);
if (!CreateEnvironmentBlock(&user_env, imp_token, FALSE))