diff options
author | Antonio Quartulli | 2022-06-28 11:41:44 +0200 |
---|---|---|
committer | Gert Doering | 2022-06-28 17:31:59 +0200 |
commit | ce24bec7e2518d4ea7aa931021454d1191f4906b (patch) | |
tree | 7617bf0face3de3b9bf45f03ea0f898eb7564d03 | |
parent | 70897fd139e84a64d6344bf6af28fe0b0b8087d3 (diff) | |
download | openvpn-ce24bec7e2518d4ea7aa931021454d1191f4906b.zip openvpn-ce24bec7e2518d4ea7aa931021454d1191f4906b.tar.gz |
tls-crypt-v2: bail out if the client key is too small
The tls-crypt-v2 key should be at least 2 bytes long in order to read
the actual length. Bail out if the key is too short.
This looks like it could be abused to trigger a read of uninitialized
memory, but after close checking it won't:
We read from BEND(), so this is defined for TCP since the minimum
length there is 3 bytes (pkt len + opcode)
For UDP we might read past the beginning of the packet but since they
are buffers coming from the packet stack we have the headroom/tailroom,
so might read some random data (but not out of bound!).
So we copy some more or less random number into net_len/wkc_len but without
actually reading from undefined memory.
The next line will then almost definitively fail (buf_advance()).
While at it improve the error message a bit.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20220628094144.17471-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24580.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 462339a45089ef655faf02232d7d792def9b8afb)
-rw-r--r-- | src/openvpn/tls_crypt.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 663f5e1..f2a9746 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -585,7 +585,8 @@ tls_crypt_v2_extract_client_key(struct buffer *buf, if (BLEN(&wrapped_client_key) < sizeof(net_len)) { - msg(D_TLS_ERRORS, "failed to read length"); + msg(D_TLS_ERRORS, "Can not read tls-crypt-v2 client key length"); + return false; } memcpy(&net_len, BEND(&wrapped_client_key) - sizeof(net_len), sizeof(net_len)); |