The tls-crypt-v2 key should be at least 2 bytes long in order to read
the actual length.
Bail out if the key is too short.
Failing to do so will lead to a read out of the buffer boundary.
While at it improve the error message a bit.
Signed-off-by: Antonio Quartulli <a...@unstable.cc>
---
src/openvpn/tls_crypt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index 88730a99..2fc79111 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -557,7 +557,8 @@ tls_crypt_v2_extract_client_key(struct buffer *buf,
if (BLEN(&wrapped_client_key) < sizeof(net_len))
{
- msg(D_TLS_ERRORS, "failed to read length");
+ msg(D_TLS_ERRORS, "Can not read tls-crypt-v2 client key length");
+ return false;
}
memcpy(&net_len, BEND(&wrapped_client_key) - sizeof(net_len),
sizeof(net_len));
--
2.35.1
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
