[Openvpn-devel] [XS] Change in openvpn[master]: socks: In establish_socks_proxy_udpassoc check result of recv_socks_r...

Tue, 13 Jan 2026 04:45:05 -0800 

Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/1469?usp=email

to review the following change.


Change subject: socks: In establish_socks_proxy_udpassoc check result of 
recv_socks_reply
......................................................................

socks: In establish_socks_proxy_udpassoc check result of recv_socks_reply

Not just check the return value but also that relay_addr
is valid. recv_socks_reply doesn't care whether the answer
is what we expected. This is probably a very unlikely edge
case but it doesn't hurt to check for it here.

Reported-By: Joshua Rogers <[email protected]>
Found-By: ZeroPath (https://zeropath.com)
Github: openvpn-private-issues#13
Change-Id: Ic1c8f24de423541bdc85e70b5a688213800d86de
Signed-off-by: Frank Lichtenheld <[email protected]>
---
M src/openvpn/socks.c
1 file changed, 6 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/69/1469/1

diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index 078b4e1..5cb5912 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
@@ -412,8 +412,7 @@
             send(ctrl_sd, "\x05\x03\x00\x01\x00\x00\x00\x00\x00\x00", 10, 
MSG_NOSIGNAL);
         if (size != 10)
         {
-            msg(D_LINK_ERRORS | M_ERRNO,
-                "establish_socks_proxy_passthru: TCP port write failed on 
send()");
+            msg(D_LINK_ERRORS | M_ERRNO, "%s: TCP port write failed on 
send()", __func__);
             goto error;
         }
     }
@@ -424,6 +423,11 @@
     {
         goto error;
     }
+    if (!relay_addr->addr.in4.sin_addr.s_addr)
+    {
+        msg(D_LINK_ERRORS, "%s: Socks proxy did not answer with IPv4 address", 
__func__);
+        goto error;
+    }

     return;


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1469?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ic1c8f24de423541bdc85e70b5a688213800d86de
Gerrit-Change-Number: 1469
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>

_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to