From: Mikhail Khachaiants <[email protected]> Add a family check to prevent copying address data of the wrong type, which could cause buffer over-read when parsing routes or endpoints.
CVE: 2025-12106 Github: OpenVPN/openvpn-private-issues#77 Signed-off-by: Mikhail Khachaiants <[email protected]> Acked-By: Gert Doering <[email protected]> Signed-Off-By: Gert Doering <[email protected]> --- src/openvpn/socket.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index f7317d13..8b6e35e4 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -147,6 +147,13 @@ get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname, void struct in6_addr *ip6; in_addr_t *ip4; + if (af != ai->ai_family) + { + msg(msglevel, "Can't parse %s as IPv%d address", var_host, (af == AF_INET) ? 4 : 6); + ret = -1; + goto out; + } + switch (af) { case AF_INET: -- 2.51.2 _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
