git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Lev Stipakov <lstipakov@gmail.com>
	Tue, 19 Mar 2024 15:27:11 +0000 (17:27 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 19 Mar 2024 17:50:18 +0000 (18:50 +0100)
commit	989b22cb6e007fd1addcfaf7d12f4fec9fbc9639
tree	95fb882b57d299f1e216a97aac508a036a144c40	tree \| snapshot
parent	2c1de0f0803360c0a6408f754066bd3a6fb28237	commit \| diff

interactive.c: Fix potential stack overflow issue

When reading message from the pipe, we first peek the pipe to get the size
of the message waiting to be read and then read the message. A compromised
OpenVPN process could send an excessively large message, which would result
in a stack-allocated message buffer overflow.

To address this, we terminate the misbehaving process if the peeked message
size exceeds the maximum allowable size.

CVE: 2024-27459
Microsoft case number: 85932

Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
Change-Id: Ib5743cba0741ea11f9ee62c4978b2c6789b81ada
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Heiko Hund <heiko@openvpn.net>
Message-Id: <20240319152803.1801-2-lev@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28420.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>