git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan.karger@fox-it.com>
	Tue, 9 May 2017 19:30:08 +0000 (21:30 +0200)
committer	David Sommerseth <davids@openvpn.net>
	Wed, 10 May 2017 22:35:53 +0000 (00:35 +0200)
commit	5774cf4c25e1d8bf4e544702db8f157f111c9d93
tree	0cc921e7876b5e58824c348c2f22ddd3351a0b06	tree
parent	5806f66eb927a6a698c0f067f563d7bc2203a376	commit \| diff

Don't assert out on receiving too-large control packets (CVE-2017-7478)

Commit 3c1b19e0 changed the maximum size of accepted control channel
packets. This was needed for crypto negotiation (which is needed for a
nice transition to a new default cipher), but exposed a DoS
vulnerability. The vulnerability was found during the OpenVPN 2.4 code
audit by Quarkslab (commisioned by OSTIF).

To fix the issue, we should not ASSERT() on external input (in this case
the received packet size), but instead gracefully error out and drop the
invalid packet.

CVE: 2017-7478
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1494358209-4568-2-git-send-email-steffan.karger@fox-it.com>
URL: http://www.mail-archive.com/search?l=mid&q=1494358209-4568-2-git-send-email-steffan.karger@fox-it.com
Signed-off-by: David Sommerseth <davids@openvpn.net>

Changes.rst		diff \| blob \| blame \| history
src/openvpn/ssl.c		diff \| blob \| blame \| history