Hi, On Wed, Jun 19, 2024 at 12:30:04PM +0200, Gert Doering wrote: > From: Arne Schwabe <a...@rfc2549.org> > > This makes OpenVPN more picky in accepting control message in two aspects: > - Characters are checked in the whole buffer and not until the first > NUL byte > - if the message contains invalid characters, we no longer continue > evaluating a fixed up version of the message but rather stop > processing it completely. [..] > CVE: 2024-5594
So, for the record - this patch was discussed and reviewed "in private" on the secur...@openvpn.net list, because it was seen as having security implications. 2.6.11 release will happen today or tomorrow, so I'm posting this patch to the public list now for transparency, and will proceed with testing and merging. The security impact is fairly moderate - namely, a malicious peer can send (hand crafted) control channel messages that mess up logging(!) on the other side. No breach of crypto, leak of information, or remote code execution. But still an annoyance to be fixed and properly documented. Thanks, Reynir, for reading our sources with so much passion for details :-) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel