Hi, On 17 September 2016 at 14:53, Lev Stipakov <lstipa...@gmail.com> wrote: > From: Lev Stipakov <lev.stipa...@f-secure.com> > > v3: > * move assert outside of loop > * add max-clients value check to options > > [...] > > --- a/src/openvpn/options.c > +++ b/src/openvpn/options.c > @@ -5893,6 +5893,11 @@ add_option (struct options *options, > msg (msglevel, "--max-clients must be at least 1"); > goto err; > } > + if (max_clients >= 0xFFFFFF) /* max peer-id value */ > + { > + msg (msglevel, "--max-clients must be less than 0xFFFFFF"); > + goto err; > + } > options->max_clients = max_clients; > } > else if (streq (p[0], "max-routes-per-client") && p[1] && !p[2])
Thanks. One more nitpick though. There are quite some occurrences of 0xFFFFFF now. I think a #define MAX_PEER_ID 0xFFFFFF is warranted. And if you do so, please change to error message to print the decimal value, since that is also how we expect users to specify the --max-clients argument. -Steffan ------------------------------------------------------------------------------ _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel