git.ipfire.org Git - thirdparty/openvpn.git/commit
interactive.c: Fix potential stack overflow issue
author Lev Stipakov <lstipakov@gmail.com>
Tue, 19 Mar 2024 15:27:11 +0000 (17:27 +0200)
committer Gert Doering <gert@greenie.muc.de>
Tue, 19 Mar 2024 17:58:44 +0000 (18:58 +0100)
commit 9b2693feff9c49b9485cf94797c1c3502259dbe1
tree edb4d619a7e06e00651df4002b9f4df25211b40a
parent a95e665041466ec7d4ca6dbf89d22c7950e9ef26
interactive.c: Fix potential stack overflow issue

When reading a message from the pipe, we first peek the pipe to get the size
of the message waiting to be read and then read the message. A compromised
OpenVPN process could send an excessively large message, which would result
in a stack-allocated message buffer overflow.

To address this, we terminate the misbehaving process if the peeked message
size exceeds the maximum allowable size.

CVE: 2024-27459
Microsoft case number: 85932

Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
Change-Id: Ib5743cba0741ea11f9ee62c4978b2c6789b81ada
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Heiko Hund <heiko@openvpn.net>
Message-Id: <20240319152803.1801-2-lev@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28420.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 989b22cb6e007fd1addcfaf7d12f4fec9fbc9639)
src/openvpnserv/interactive.c
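
The peek-then-read pattern from the commit message, with the size check placed between the two steps, as an added example that is not the code from interactive.c. It uses a constructed in-memory stand-in for the pipe rather than the Windows pipe API; `fake_pipe`, `pipe_peek`, `pipe_read`, `handle_message` and `MSG_MAX` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64 /* hypothetical capacity of the stack buffer */

/* Constructed in-memory stand-in for a message pipe holding one message. */
struct fake_pipe { const unsigned char *data; size_t len; };

enum msg_status { MSG_OK, MSG_EMPTY, MSG_TOO_LARGE };

/* Peek: report the pending message size without consuming it. */
static size_t pipe_peek(const struct fake_pipe *p) { return p->len; }

/* Read: copy n bytes of the pending message (the caller chooses n). */
static size_t pipe_read(struct fake_pipe *p, void *dst, size_t n)
{
    size_t k = n < p->len ? n : p->len;
    memcpy(dst, p->data, k);
    p->len = 0;
    return k;
}

/* Peek-then-read into a fixed stack buffer, with the size check in between. */
enum msg_status handle_message(struct fake_pipe *p, size_t *out_len)
{
    unsigned char buf[MSG_MAX];
    size_t want = pipe_peek(p);   /* value is controlled by the sender */

    if (want == 0)
        return MSG_EMPTY;
    /* Without this comparison, pipe_read() would copy `want` bytes into
     * the MSG_MAX-byte buffer. Reject first; the caller then terminates
     * the misbehaving peer instead of reading its message. */
    if (want > sizeof(buf))
        return MSG_TOO_LARGE;
    *out_len = pipe_read(p, buf, want);
    return MSG_OK;
}

int main(void)
{
    unsigned char big[200] = {0};            /* constructed oversized message */
    struct fake_pipe ok = { (const unsigned char *)"hello", 5 };
    struct fake_pipe bad = { big, sizeof(big) };
    size_t n = 0;

    printf("ok:  status=%d\n", handle_message(&ok, &n));
    printf("bad: status=%d\n", handle_message(&bad, &n));
    return 0;
}
```

The oversized message is rejected before any byte is copied, so it stays unread in the pipe stand-in.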