Hi, On Mon, Dec 12, 2022 at 12:24:10PM +0000, Maximilian Fillinger wrote: > Right now, openvpn just checks that we have at most 980 base64 characters > and then tries to decode them into a 733 byte buffer. But 980 characters > of base64 can encode up to 735 bytes. In that case, openvpn gives a fatal > error about being unable to decode the base64 which I find misleading. > > My patch always allocates a large enough buffer to decode the base64 and > checks that the decoded length is <= 733. An alternative would be to check > the base64 length, decode to a 735 bytes buffer, then check the decoded > length. I thought it's cleaner to have one length check, but I don't have > a strong opinion about this.
Thanks (to you and Arne, your mails arrived here about the same time) - I was indeed confused about pre-decode / post-decode buffer size, and padding. Will proceed with merging as soon as I have the EEN patch out of the way. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel