Re: [Openvpn-devel] [PATCH v2] auth-gen-token: Hardening memory cleanup on auth-token failuers

Steffan Karger Thu, 15 Dec 2016 13:55:58 -0800

Hi,

On 15 December 2016 at 13:22, David Sommerseth <[email protected]> wrote:
> Further improve the memory management when a clients --auth-token
> fails the server side token authentication enabled via --auth-gen-token.
>
> v2 - Add ASSERT() if base64 encoding of token fails


This will need rebasing because of the reformatting.

> @@ -1255,24 +1269,11 @@ verify_user_pass(struct user_pass *up, struct 
> tls_multi *multi,
>           /* The token should be longer than the input when
>             * being base64 encoded
>             */
> -         if( openvpn_base64_encode(tok, AUTH_TOKEN_SIZE,
> -                                    &multi->auth_token) < AUTH_TOKEN_SIZE)
> -           {
> -             msg(D_TLS_ERRORS, "BASE64 encoding of token failed. "
> -                  "No auth-token will be activated now");
> [...]
> +          ASSERT(openvpn_base64_encode(tok, AUTH_TOKEN_SIZE,
> +                                       &multi->auth_token) < 
> AUTH_TOKEN_SIZE);

Uhm, I think the < should be a > now?

-Steffan

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH v2] auth-gen-token: Hardening memory cleanup on auth-token failuers

Reply via email to