Fix problem with special case route targets ('remote_host')

The init_route() function will leave &netlist untouched for
get_special_addr() routes ("remote_host" being one of them).
netlist is on stack,  contains random garbage, and netlist.len
will not be 0 - thus, random stack data is copied from
netlist.data[] until the route_list is full.

This issue has been reported several places lately:
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600166
   http://thread.gmane.org/gmane.network.openvpn.devel/4083
   https://forums.openvpn.net/viewtopic.php?f=1&t=7201&p=8168

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>

diff --git a/route.c b/route.c
index 5d8f8d66afc2fe0f58ac44da5885075e87b8e32e..20f62d547864b34a4b3d3288be66411f4b86f8bc 100644 (file)
--- a/route.c
+++ b/route.c
@@ -450,6 +450,8 @@ init_route_list (struct route_list *rl,
        struct route r;
        int k;
 
+        CLEAR(netlist);                /* init_route() will not always init this */
+
        if (!init_route (&r,
                         &netlist,
                         &opt->routes[i],