Am 22.04.21 um 01:49 schrieb Antonio Quartulli: > From: Antonio Quartulli <anto...@openvpn.net> > > A fingerprint is not expected to contains any blank (white space), > howeveri, the parser routine will still attempt parsing the octect > and ignore the space. > > This means that a fingerprint like > 5 > :F0:A8:75:70:46:6E:0B:A2:31:53:88:0B:0E:8C:E4:8A:5E:BF:1E:08:16:16:41:63:2C:B5:F4:D2:73:9F:E5 > will be parsed successfully. > > Explcitly check for spaces in the various octects, before conversion, > and error out if any is found.
Explicitly > > Signed-off-by: Antonio Quartulli <anto...@openvpn.net> > --- > src/openvpn/options.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/src/openvpn/options.c b/src/openvpn/options.c > index 817a1533..264fe383 100644 > --- a/src/openvpn/options.c > +++ b/src/openvpn/options.c > @@ -1099,6 +1099,18 @@ parse_hash_fingerprint(const char *str, int nbytes, > int msglevel, struct gc_aren > bs[0] = *cp++; > bs[1] = *cp++; > bs[2] = 0; > + > + /* the format string "%x" passed to sscanf will ignore any space and > + * will still try to parse the other character. However, this is not > + * expected format for a fingerprint, therefore explcitly check for explicitly > + * blanks in the string and error out if any is found > + */ > + if (bs[0] == ' ' || bs[1] == ' ') > + { > + msg(msglevel, "format error in hash fingerprint unexpected > blank: %s", > + str); > + } > + > byte = 0; > if (sscanf(bs, "%x", &byte) != 1) > { > I would not have spend the time to fix this but since Antonio done it: Acked-By: Arne Schwabe <a...@rfc2549.org> _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel