The assert() check might be optimized away in Release builds,
and killing the process through abort() on badly formatted input,
when we already have an error message in place, does not seem right.

Suggested by: Ralf Lici <r...@mandelbit.com>

Signed-off-by: Matthias Andree <matthias.and...@gmx.de>
---
 src/openvpn/dco_freebsd.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 931f9f68..a756dcca 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -100,7 +100,10 @@ nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
 
             in->sin_len = sizeof(*in);
             data = nvlist_get_binary(nvl, "address", &len);
-            assert(len == sizeof(in->sin_addr));
+            if (len != sizeof(in->sin_addr))
+            {
+                return (false);
+            }
             memcpy(&in->sin_addr, data, sizeof(in->sin_addr));
             in->sin_port = nvlist_get_number(nvl, "port");
             break;
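Review bot: The new early return only covers a wrong-sized "address"; `nvlist_get_binary()` on the line above it and `nvlist_get_number(nvl, "port")` below it are libnv accessors that, per nv(9), abort the process when the named element is absent, so a malformed nvlist can still terminate the daemon. If the aim is to fail gracefully on bad input, guard both lookups before fetching, e.g. `if (!nvlist_exists_binary(nvl, "address") || !nvlist_exists_number(nvl, "port")) { return (false); }`. The same applies to the IPv6 case in the second hunk. nvlist_to_sockaddr() starts and ends outside these hunks, so whether an earlier existence check is already present is not visible here.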
@@ -114,7 +117,10 @@ nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
 
             in6->sin6_len = sizeof(*in6);
             data = nvlist_get_binary(nvl, "address", &len);
-            assert(len == sizeof(in6->sin6_addr));
+            if (len != sizeof(in6->sin6_addr))
+            {
+                return (false);
+            }
             memcpy(&in6->sin6_addr, data, sizeof(in6->sin6_addr));
             in6->sin6_port = nvlist_get_number(nvl, "port");
 
-- 
2.51.0


