The server can crash on systems using musl libc when a client with a comma in
commonName tries to connect:

 ifconfig_pool_read(), in='VPN Client, abc,192.168.1.2,'
 RESOLVE: Cannot parse IP address:  abc: (Name does not resolve)

as this leads to a NULL pointer dereference in freeaddrinfo():

 Program received signal SIGSEGV, Segmentation fault.
 0x00007ffff7fbf81a in freeaddrinfo (p=0x0) at src/network/freeaddrinfo.c:10
 (gdb) bt
 #0  0x00007ffff7fbf81a in freeaddrinfo (p=0x0) at src/network/freeaddrinfo.c:10
 #1  0x00000000004389ec in get_addr_generic (af=af@entry=2, 
flags=flags@entry=4, hostname=hostname@entry=0x7ffff7ee2988 " abc", 
network=network@entry=0x7fffffffcb7c, netbits=netbits@entry=0x0,
     resolve_retry_seconds=resolve_retry_seconds@entry=0, signal_received=0x0, 
msglevel=64) at openvpn-2.5.7/src/openvpn/socket.c:186
 #2  0x0000000000438a2d in getaddr (flags=flags@entry=4, 
hostname=hostname@entry=0x7ffff7ee2988 " abc", 
resolve_retry_seconds=resolve_retry_seconds@entry=0, 
succeeded=succeeded@entry=0x7fffffffcba7,
     signal_received=signal_received@entry=0x0) at 
openvpn-2.5.7/src/openvpn/socket.c:202
 #3  0x0000000000430ae5 in ifconfig_pool_read (persist=0x7ffff7ee4510, 
pool=0x7ffff7edd450) at openvpn-2.5.7/src/openvpn/pool.c:661

So fix it by checking if the `struct addrinfo*` pointer is valid before
passing it down to freeaddrinfo().

References: https://github.com/openwrt/openwrt/issues/11890
Signed-off-by: Petr Štetiar <yn...@true.cz>
---
 src/openvpn/socket.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index a883ac4a156c..d304554cefda 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -172,7 +172,10 @@ get_addr_generic(sa_family_t af, unsigned int flags, const 
char *hostname,
         *sep = '/';
     }
 out:
-    freeaddrinfo(ai);
+    if (ai)
+    {
+        freeaddrinfo(ai);
+    }
     free(var_host);
 
     return ret;
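
Review bot: the new `if (ai)` guard at the `out:` label should carry a one-line comment saying that freeaddrinfo(NULL) is not safe on every libc (the backtrace in the commit message shows musl faulting with p=0x0). Without it, a later cleanup may drop the check as redundant next to `free(var_host)`, which does accept NULL. The guard also relies on `ai` being initialised to NULL before any jump to `out:`, which this hunk does not show, so that is worth confirming at the declaration. Separately, the log line shows ifconfig_pool_read() splitting the commonName at its comma and handing " abc" to getaddr() as an address; this change stops the crash but leaves that parsing untouched, which may deserve a follow-up.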


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
