Hi, On 14-01-19 16:48, Arne Schwabe wrote: > From: Arne Schwabe <a...@openvpn.net> > > Using a tls-crypt-v2 key with mbed TLS inline results in > > PEM decode error: source buffer not null-terminated > > This is because the mbed TLS decode PEM function excepts the last byte > in the buffer to be 0x00. When constructing the buffer we only made as > big as strlen, which does not include the 0x00 byte of a string. Add an > extra byte to ensure also the null byte is included in the buffer. > --- > src/openvpn/tls_crypt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c > index 85495d7f..6bc2b7f8 100644 > --- a/src/openvpn/tls_crypt.c > +++ b/src/openvpn/tls_crypt.c > @@ -298,7 +298,7 @@ tls_crypt_v2_read_keyfile(struct buffer *key, const char > *pem_name, > } > else > { > - buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline)); > + buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) > + 1); > } > > if (!crypto_pem_decode(pem_name, key, &key_pem)) >
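Review bot: the `strlen(key_inline) + 1` on the added line reads like an off-by-one without context, so a short comment above the buf_set_read() call stating that the extra byte is the string's terminating 0x00, which the mbed TLS PEM decoder requires, would keep it from being "corrected" back later. The hunk has no backend-specific guard around the changed line, so the longer length reaches crypto_pem_decode() unconditionally, while the commit message only describes the mbed TLS failure; it is worth confirming that any other crypto backend behind that call accepts a buffer whose last byte is 0x00. The branch above the `else` is not visible in this hunk; if it fills key_pem from a file, check whether that buffer is terminated the same way.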
Change makes sense. Thanks for fixing my bugs.

I think we should try to add regression tests for bugs we encounter (if reasonably doable), but let's not postpone merging the bugfix for that. I'll send a patch with a regression test later on.

Acked-by: Steffan Karger <steffan.kar...@fox-it.com>

-Steffan