From: Arne Schwabe <arne@rfc2549.org>
Date: Fri, 3 Apr 2020 09:09:44 +0000 (+0200)
Subject: Fix off-by-one in tls-crypt-v2 client wrapping with custom metadata
X-Git-Tag: v2.5_beta1~167
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e23fb6b8c88a2aec160965769f6467d455c0d010;p=thirdparty%2Fopenvpn.git

Fix off-by-one in tls-crypt-v2 client wrapping with custom metadata

Instead of writing at the end of the metadata buffer, the decoded
base64 data overwrites the opcode as BPTR points to the beginning
of the buffer and not the current position. Replace with BEND to
fix this off-by-one

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20200403090944.17726-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19695.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index 37df2ce75..e9f9cc2ad 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -664,7 +664,7 @@ tls_crypt_v2_write_client_key_file(const char *filename,
                 (int)strlen(b64_metadata), TLS_CRYPT_V2_MAX_B64_METADATA_LEN);
         }
         ASSERT(buf_write(&metadata, &TLS_CRYPT_METADATA_TYPE_USER, 1));
-        int decoded_len = openvpn_base64_decode(b64_metadata, BPTR(&metadata),
+        int decoded_len = openvpn_base64_decode(b64_metadata, BEND(&metadata),
                                                 BCAP(&metadata));
         if (decoded_len < 0)
         {