Technically, this is a buffer read-overrun (strlen() being called on
a non-null-terminated buffer) - but since this happens only at command
line usage ("openvpn --gen-key ...") and this is not done in any sort
of privileged context, the consequences are "none". So not treated as
security issue, just a bug.

Stared at code, ran a few simple tests ("openvpn --genkey tls-crypt..."),
and unit tests. The code is not in use in "normal" operation, so not
subjected to t_client/t_server tests (beyond what BB already did).

Your patch has been applied to the master and release/2.7 branch.

commit b2dcffba0820a1a77472658623b5964e88cbb732 (master)
commit 4d22da0260fda3f1797f325f707e438286eebb24 (release/2.7)
commit e13b128112e474beb59f1b38d505a658c054c5b5 (release/2.6)
Author: Max Fillinger
Date: Tue Jun 9 12:24:01 2026 +0200

Null-terminate tls-crypt client keys when testing

Signed-off-by: Max Fillinger <[email protected]>
Acked-by: Gert Doering <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1701
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg37116.html
Signed-off-by: Gert Doering <[email protected]>

--
kind regards,

Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
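
The bug class named in the message above (strlen() called on a buffer that has no terminating NUL), shown as an added example that is not part of the original e-mail and is not OpenVPN code. The helper names and the sample buffer are hypothetical and constructed for illustration; the block contrasts a length check bounded by the buffer's capacity with copying the raw bytes into a terminated buffer before any string function touches them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length of the text in buf without ever reading past cap bytes.
 * Returns cap when no terminator exists inside the buffer. */
size_t bounded_len(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    return nul ? (size_t)(nul - buf) : cap;
}

/* 1 if buf holds a NUL within its first cap bytes, else 0. */
int is_terminated(const char *buf, size_t cap)
{
    return memchr(buf, '\0', cap) != NULL;
}

/* Copy cap raw bytes into a fresh buffer and append a terminator, so
 * strlen() and friends are safe on the result. Caller frees.
 * Returns NULL on allocation failure or if cap + 1 would overflow. */
char *dup_terminated(const char *raw, size_t cap)
{
    if (cap == SIZE_MAX)
        return NULL;
    char *out = malloc(cap + 1);
    if (!out)
        return NULL;
    memcpy(out, raw, cap);
    out[cap] = '\0';
    return out;
}

/* Constructed sample: key-like text stored WITHOUT a trailing NUL.
 * Calling strlen(sample_key) directly would read past the array. */
static const char sample_key[10] = { '-','-','-','-','-','B','E','G','I','N' };

int main(void)
{
    char *s = dup_terminated(sample_key, sizeof(sample_key));
    if (!s)
        return 1;
    printf("terminated=%d bounded=%zu strlen(copy)=%zu\n",
           is_terminated(sample_key, sizeof(sample_key)),
           bounded_len(sample_key, sizeof(sample_key)), strlen(s));
    free(s);
    return 0;
}
```

Building a test like this with AddressSanitizer (`-fsanitize=address`) is one way to make an unbounded strlen() on such a buffer fail loudly instead of passing by luck.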