"Obviously correct" :-) - not tested further (Coverity found this and
will tell us if it considers the code fixed now).
Note that this has a very limited impact - only if running very recent
master, and only if receiving more than 2^36 packets that can not
be decrypted - then we might crash due to free()ing an uninitialized
pointer.
Your patch has been applied to the master branch.
commit 5e086c08f2ce4428fd014b74441f0197a71d6da8
Author: Frank Lichtenheld
Date: Mon Jan 13 12:22:26 2025 +0100
Fix 'uninitialized pointer read' in openvpn_decrypt_aead
Signed-off-by: Frank Lichtenheld <[email protected]>
Acked-by: Antonio Quartulli <[email protected]>
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg30421.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
