openssl: fix overflow check for long --tls-cipher option
The length check in tls_ctx_restrict_ciphers() did not check for overflow,
which could lead to a stack buffer overflow.
This has no real-world impact, because --tls-cipher can only be specified
by entities that are allowed to supply config settings. Since those
entities can also change --script-security and call scripts and/or
plugins, these users already have code execution at the level of the
openvpn process. In other words: the attacker would not gain any
capabilities. Nevertheless, a nasty bug that we should fix.
This bug was discovered and reported to the OpenVPN security team by
Guido Vranken.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
1495461253-20111-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14716.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
projects / thirdparty / openvpn.git / commit
