]> git.ipfire.org Git - thirdparty/openvpn.git/commitdiff
projects / thirdparty / openvpn.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5ab76ad)
socket: reject mismatched address family in get_addr_generic
authorMikhail Khachaiants <mkhachaiants@gmail.com>
Sat, 18 Oct 2025 08:42:31 +0000 (11:42 +0300)
committerGert Doering <gert@greenie.muc.de>
Mon, 17 Nov 2025 09:08:36 +0000 (10:08 +0100)
Add a family check to prevent copying address data of the wrong type,
which could cause buffer over-read when parsing routes or endpoints.

CVE: 2025-12106

Github: OpenVPN/openvpn-private-issues#77

Signed-off-by: Mikhail Khachaiants <mkhachaiants@gmail.com>
Acked-By: Gert Doering <gert@greenie.muc.de>
Signed-Off-By: Gert Doering <gert@greenie.muc.de>
src/openvpn/socket.c patch | blob | blame | history

diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index f7317d13225ae8eff632ae4bf830121418b33c76..8b6e35e4cffe949353641a0a28d35d3634e11517 100644 (file)
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -147,6 +147,13 @@ get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname, void
         struct in6_addr *ip6;
         in_addr_t *ip4;
 
+        if (af != ai->ai_family)
+        {
+            msg(msglevel, "Can't parse %s as IPv%d address", var_host, (af == AF_INET) ? 4 : 6);
+            ret = -1;
+            goto out;
+        }
+
         switch (af)
         {
             case AF_INET:
Mirror of https://github.com/OpenVPN/openvpn.git