From: Lev Stipakov <[email protected]>

The size is passed from the limited-privileges process.
This check ensures that the service won't allocate
more than needed.

Reported-by: Joshua Rogers <[email protected]>
Found-by: ZeroPath (https://zeropath.com/)

Change-Id: I75ebf01641db4dcd07041e3b8b3fa8a632d07595
Signed-off-by: Lev Stipakov <[email protected]>
Acked-by: Gert Doering <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1331
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1331
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <[email protected]>

        
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index ce0d4dd..cb31267 100644
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
@@ -446,9 +446,9 @@
     }
 
     size = bytes / sizeof(*data);
-    if (size == 0)
+    if ((size == 0) || (size > 4096)) /* our startup data is 1024 wchars at 
the moment */
     {
-        MsgToEventLog(M_SYSERR, L"malformed startup data: 1 byte received");
+        MsgToEventLog(M_SYSERR, L"malformed startup data: %lu bytes received", 
size);
         ReturnError(pipe, ERROR_STARTUP_DATA, L"GetStartupData", 1, 
&exit_event);
         goto err;
     }
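
Review bot: The new MsgToEventLog format string says "%lu bytes received" but is passed size, which is bytes / sizeof(*data), i.e. an element count rather than a byte count. In the size == 0 branch this logs "0 bytes received" even when a nonzero number of bytes was read, which loses the detail the old "1 byte received" text carried; passing bytes instead (or rewording the message to say elements/wchars) would keep the log accurate in both the too-small and too-large cases. The declaration of size is not visible in this hunk, so please also confirm its type matches %lu or add a cast. Finally, the literal 4096 sits beside a comment saying the startup data is 1024 wchars: a named constant with a short note on why the limit is four times the current size would make the bound easier to maintain when the startup data layout changes.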


_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
