[Openvpn-devel] [XS] Change in openvpn[master]: Null-terminate tls-crypt client keys when testing

Thu, 21 May 2026 09:44:15 -0700 

Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/1701?usp=email

to review the following change.


Change subject: Null-terminate tls-crypt client keys when testing
......................................................................

Null-terminate tls-crypt client keys when testing

After generating a tls-crypt-v2 client key, OpenVPN will try to load the
generated key to verify that it was generated correctly. If the client
key is not written to disk but printed out on the command line, the PEM
encoded key is stored in memory and read_pem_key_file is called with
key_file_inline = true. However, this key is not a null-terminated
string, so we end up calling strlen on a buffer that isn't
null-terminated.

This commit adds a null-byte at the end of the key.

Change-Id: I2ca8bf90a796f2b757c2fde0ae24468ef3abc3b5
Signed-off-by: Max Fillinger <[email protected]>
---
M src/openvpn/tls_crypt.c
1 file changed, 2 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/01/1701/1

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index e91f80c..8c3d722 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -758,9 +758,10 @@

     if (!filename || streq(filename, ""))
     {
-        printf("%.*s\n", BLEN(&client_key_pem), BPTR(&client_key_pem));
+        buf_null_terminate(&client_key_pem);
         client_file = (const char *)BPTR(&client_key_pem);
         client_inline = true;
+        printf("%s\n", client_file);
     }
     else if (!buffer_write_file(filename, &client_key_pem))
     {

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1701?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I2ca8bf90a796f2b757c2fde0ae24468ef3abc3b5
Gerrit-Change-Number: 1701
Gerrit-PatchSet: 1
Gerrit-Owner: MaxF <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>

_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel














    











					Reply via email to