From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Tue, 11 Nov 2025 15:52:31 +0000 (+0100)
Subject: ssl: Change tls_send_payload size argument to size_t
X-Git-Tag: v2.7_rc2~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0da6116c0c8fccfa12369139ebf9357d113debba;p=thirdparty%2Fopenvpn.git

ssl: Change tls_send_payload size argument to size_t

There is only one caller of this function and it
wants it to be size_t. So move the size_t to int
conversion one step down in the call chain. Do not
switch key_state_write_plaintext_const, yet, since
that is a backend function and so needs way more
work.

Change-Id: Ic90c5a0e48bda4a02d5e11c4c161f388cc8805af
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1355
Message-Id: <20251111155239.31747-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34320.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index c355f66cf..aa1f85854 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -365,11 +365,6 @@ check_connection_established(struct context *c)
     }
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 bool
 send_control_channel_string_dowork(struct tls_session *session, const char *str,
                                    msglvl_t msglevel)
@@ -834,6 +829,11 @@ process_coarse_timers(struct context *c)
 #endif /* ENABLE_MANAGEMENT */
 }
 
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
 static void
 check_coarse_timers(struct context *c)
 {
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 908854a39..398c9ae6d 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -4032,7 +4032,7 @@ tls_post_encrypt(struct tls_multi *multi, struct buffer *buf)
  */
 
 bool
-tls_send_payload(struct key_state *ks, const uint8_t *data, int size)
+tls_send_payload(struct key_state *ks, const uint8_t *data, size_t size)
 {
     bool ret = false;
 
@@ -4042,7 +4042,8 @@ tls_send_payload(struct key_state *ks, const uint8_t *data, int size)
 
     if (ks->state >= S_ACTIVE)
     {
-        if (key_state_write_plaintext_const(&ks->ks_ssl, data, size) == 1)
+        ASSERT(size <= INT_MAX);
+        if (key_state_write_plaintext_const(&ks->ks_ssl, data, (int)size) == 1)
         {
             ret = true;
         }
@@ -4053,7 +4054,7 @@ tls_send_payload(struct key_state *ks, const uint8_t *data, int size)
         {
             ks->paybuf = buffer_list_new();
         }
-        buffer_list_push_data(ks->paybuf, data, (size_t)size);
+        buffer_list_push_data(ks->paybuf, data, size);
         ret = true;
     }
 
diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index ffcc7c4a0..db8a7985b 100644
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -426,7 +426,7 @@ void ssl_put_auth_challenge(const char *cr_str);
 /*
  * Send a payload over the TLS control channel
  */
-bool tls_send_payload(struct key_state *ks, const uint8_t *data, int size);
+bool tls_send_payload(struct key_state *ks, const uint8_t *data, size_t size);
 
 /*
  * Receive a payload through the TLS control channel