Yeah, looks pretty good, thanks for taking time to look it over! That if statement should be able to catch the invalid index and goto error which will then also help to protect and bypass the variable list index access further down below on line number 3814 which was an additional access also!
Thanks again all, Jon C On Wed, Nov 12, 2025 at 9:34 AM Gert Doering <[email protected]> wrote: > Hi, > > On Sun, Nov 02, 2025 at 09:34:10AM +0100, Gert Doering wrote: > > > In my modified version I wasn't sure of when this hard reset check > > > condition would be true but to prevent an invalid memory access I > changed > > > my code to be this instead: > > > > > > if (i == TM_SIZE || is_hard_reset_method2(op)) > > > > From my understanding of this code, this is the correct fix. > > > > Good find! > > As a followup to this - it's not the right fix, and my understanding was > not sufficient. > > Arne understands the code better and has just moved the possibly-invalid > pointer initialization a few lines down (to be committed in the next few > minutes), after the check on "i" and error-exit. > > Thanks for your report! > > (There is another one which I'll look into "really soon now" :-) ) > > gert > > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never > doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh > Mistress > > Gert Doering - Munich, Germany > [email protected] >
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
