From: Gert Doering <gert@greenie.muc.de>
Date: Thu, 21 Oct 2010 08:35:29 +0000 (+0200)
Subject: Fix problem with special case route targets ('remote_host')
X-Git-Tag: v2.2-beta4~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59afc4a5f72e22b850cfa2845385172623a38e77;p=thirdparty%2Fopenvpn.git

Fix problem with special case route targets ('remote_host')

The init_route() function will leave &netlist untouched for
get_special_addr() routes ("remote_host" being one of them).
netlist is on stack,  contains random garbage, and netlist.len
will not be 0 - thus, random stack data is copied from
netlist.data[] until the route_list is full.

This issue has been reported several places lately:
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600166
   http://thread.gmane.org/gmane.network.openvpn.devel/4083
   https://forums.openvpn.net/viewtopic.php?f=1&t=7201&p=8168

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
---

diff --git a/route.c b/route.c
index 5d8f8d66a..20f62d547 100644
--- a/route.c
+++ b/route.c
@@ -450,6 +450,8 @@ init_route_list (struct route_list *rl,
 	struct route r;
 	int k;
 
+        CLEAR(netlist);		/* init_route() will not always init this */
+
 	if (!init_route (&r,
 			 &netlist,
 			 &opt->routes[i],