Fix off-by-one in tls-crypt-v2 client wrapping with custom metadata
authorArne Schwabe <arne@rfc2549.org>
Fri, 3 Apr 2020 09:09:44 +0000 (11:09 +0200)
committerGert Doering <gert@greenie.muc.de>
Mon, 6 Apr 2020 15:39:50 +0000 (17:39 +0200)
Instead of writing at the end of the metadata buffer, the decoded
base64 data overwrites the opcode as BPTR points to the beginning
of the buffer and not the current position. Replace with BEND to
fix this off-by-one

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20200403090944.17726-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19695.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/tls_crypt.c

index 37df2ce75a46d67634a1fdef15c4ed83aee139e4..e9f9cc2ad5745b1b04579832b43cf21786e0f4a9 100644 (file)
@@ -664,7 +664,7 @@ tls_crypt_v2_write_client_key_file(const char *filename,
                 (int)strlen(b64_metadata), TLS_CRYPT_V2_MAX_B64_METADATA_LEN);
         }
         ASSERT(buf_write(&metadata, &TLS_CRYPT_METADATA_TYPE_USER, 1));
-        int decoded_len = openvpn_base64_decode(b64_metadata, BPTR(&metadata),
+        int decoded_len = openvpn_base64_decode(b64_metadata, BEND(&metadata),
                                                 BCAP(&metadata));
         if (decoded_len < 0)
         {
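Review bot: The call `openvpn_base64_decode(b64_metadata, BEND(&metadata), BCAP(&metadata))` stays in bounds only if BCAP() reports the room left after the type byte written on the previous line, rather than the buffer's total capacity. The hunk does not show that macro, so the pairing deserves a one-line comment such as `/* append after the type byte; BCAP() must be the space remaining past BEND() */`. Inside the hunk the result is only tested for `< 0`, and whatever advances the buffer length by `decoded_len` comes after the last visible line, so confirm that step is a checked increment. A unit test that wraps a client key with user metadata and asserts the first metadata byte is still `TLS_CRYPT_METADATA_TYPE_USER` would keep this from regressing. The body of tls_crypt_v2_write_client_key_file starts and ends outside the hunk.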