Hi, On 29/12/17 17:54, Steffan Karger wrote: > As pointed out in finding OVPN-05 of the cryptograpy engineering audit > (funded by Private Internet Access), buffer_list_aggregate_separator() > could perform a 0-byte malloc when called with a list of 0-length buffers > and a "" separator. If other could would later try to access that buffer > memory, this would result in undefined behaviour. To prevent this, always > malloc() 1 byte. > > To simplify as we go, use alloc_buf() to allocate the buffer. This has > the additional benefit that the actual buffer data (not the contents) is > zero-terminated, because alloc_buf() calls calloc() and we have 1 extra > byte of data. > > Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
Acked-by: Antonio Quartulli <a...@unstable.cc> -- Antonio Quartulli
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
