[Openvpn-devel] [S] Change in openvpn[master]: Add warning if a p2p NCP client connects to a p2mp server

2023-08-10 Thread flichtenheld (Code Review)
Attention is currently required from: plaisthos.

flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/323?usp=email )

Change subject: Add warning if a p2p NCP client connects to a p2mp server


Patch Set 1: Code-Review+1

(2 comments)

Patchset:

PS1:
LGTM, but I find it very difficult to see whether this is the right place for 
the check :/


File src/openvpn/ssl_ncp.c:

http://gerrit.openvpn.net/c/openvpn/+/323/comment/ddecee43_db5699c2 :
PS1, Line 262: /* For client doing the newer version of NCP (that send 
IV_CIPHER)
Since you have done other drive-by typo fixes, should say "clients" here.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/323?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I85ae4e1167e1395b4f59d5d0ecf6c38befcaa8a7
Gerrit-Change-Number: 323
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-Comment-Date: Thu, 10 Aug 2023 16:25:27 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


[Openvpn-devel] [PATCH v2] Fix unaligned access in macOS/Solaris hwaddr

2023-08-10 Thread Arne Schwabe
The undefined behaviour UBSAN clang checker found this.

This fix is a bit messy but so are the original structures.

Patch v2: handle the fact that we need to go beyond the struct ifr
  correctly when mapping the result to struct sockaddr_dl

Change-Id: Ia797c8801fa9a9bc10b6674efde5fdbd7132e4a8
Signed-off-by: Arne Schwabe 
---
 src/openvpn/route.c | 32 +++-
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 90e981e97..bcf6fb878 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -3641,7 +3641,7 @@ get_default_gateway(struct route_gateway_info *rgi, 
openvpn_net_ctx_t *ctx)
 if (rgi->flags & RGI_IFACE_DEFINED)
 {
 struct ifconf ifc;
-struct ifreq *ifr;
+struct ifreq ifr;
 const int bufsize = 4096;
 char *buffer;
 
@@ -3666,23 +3666,37 @@ get_default_gateway(struct route_gateway_info *rgi, 
openvpn_net_ctx_t *ctx)
 
 for (cp = buffer; cp <= buffer + ifc.ifc_len - sizeof(struct ifreq); )
 {
-ifr = (struct ifreq *)cp;
+/* this is not always using an 8 byte alignment that struct ifr
+ * requires */
+memcpy(&ifr, cp, sizeof(struct ifreq));
 #if defined(TARGET_SOLARIS)
-const size_t len = sizeof(ifr->ifr_name) + sizeof(ifr->ifr_addr);
+const size_t len = sizeof(ifr.ifr_name) + sizeof(ifr.ifr_addr);
 #else
-const size_t len = sizeof(ifr->ifr_name) + 
max(sizeof(ifr->ifr_addr), ifr->ifr_addr.sa_len);
+const size_t len = sizeof(ifr.ifr_name) + 
max(sizeof(ifr.ifr_addr), ifr.ifr_addr.sa_len);
 #endif
 
-if (!ifr->ifr_addr.sa_family)
+if (!ifr.ifr_addr.sa_family)
 {
 break;
 }
-if (!strncmp(ifr->ifr_name, rgi->iface, IFNAMSIZ))
+if (!strncmp(ifr.ifr_name, rgi->iface, IFNAMSIZ))
 {
-if (ifr->ifr_addr.sa_family == AF_LINK)
+if (ifr.ifr_addr.sa_family == AF_LINK)
 {
-struct sockaddr_dl *sdl = (struct sockaddr_dl 
*)&ifr->ifr_addr;
-memcpy(rgi->hwaddr, LLADDR(sdl), 6);
+/* This is a broken member access. struct sockaddr_dl has
+ * 20 bytes while if_addr has only 16 bytes. So casting 
if_addr
+ * to struct sockaddr_dl gives (legitimate) warnings
+ *
+ * sockaddr_dl has 12 bytes space for the inrerface name 
and
+ * the hw address. So the last 4 that might be part of the
+ * hw address are not in if_addr, so we need
+ *
+ * So we use a memcpy here to avoid the warnings with ASAN
+ * that we are doing a very nasty cast here
+ */
+struct sockaddr_dl sdl = { 0 };
+memcpy(&sdl, cp + offsetof(struct ifreq, ifr_addr), 
sizeof(sdl));
+memcpy(rgi->hwaddr, LLADDR(&sdl), 6);
 rgi->flags |= RGI_HWADDR_DEFINED;
 }
 }
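
Review bot: The second memcpy in the AF_LINK branch, memcpy(&sdl, cp + offsetof(struct ifreq, ifr_addr), sizeof(sdl)), reads past the end of the struct ifreq at cp, but the loop guard only guarantees that sizeof(struct ifreq) bytes remain before buffer + ifc.ifc_len. By the comment's own numbers (sockaddr_dl is 20 bytes, the address member 16) that leaves 4 bytes the bounds check does not cover, so for the last entry the copy can take bytes from beyond ifc.ifc_len. Suggest limiting the copy to what is left in the buffer, or skipping the entry when a full sockaddr_dl does not fit, and leaving sdl zero-filled for the remainder. The new comment also needs a pass before merging: "inrerface" is a typo, the sentence ending "so we need" is unfinished, it names ASAN while the commit message credits the undefined behaviour checker, and it says if_addr where the member is ifr_addr.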
-- 
2.39.2 (Apple Git-143)





[Openvpn-devel] [S] Change in openvpn[master]: Add warning if a p2p NCP client connects to a p2mp server

2023-08-10 Thread plaisthos (Code Review)
Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review.
Please visit

http://gerrit.openvpn.net/c/openvpn/+/323?usp=email

to review the following change.


Change subject: Add warning if a p2p NCP client connects to a p2mp server

Add warning if a p2p NCP client connects to a p2mp server

Change-Id: I85ae4e1167e1395b4f59d5d0ecf6c38befcaa8a7
---
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_ncp.h
2 files changed, 9 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/23/323/1

diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c
index dafaef1..aae04e2 100644
--- a/src/openvpn/ssl_ncp.c
+++ b/src/openvpn/ssl_ncp.c
@@ -24,7 +24,7 @@
  */

 /**
- * @file Control Channel SSL/Data dynamic negotion Module
+ * @file Control Channel SSL/Data dynamic negotiation Module
  * This file is split from ssl.c to be able to unit test it.
  */

@@ -267,6 +267,13 @@
 remote_cipher = "";
 }

+if (extract_iv_proto(peer_info) & IV_PROTO_NCP_P2P)
+{
+msg(M_WARN, "Note: peer reports running in P2P mode (no 
--pull/--client"
+"option). It will not negotiate ciphers with this server. "
+"Expect this connection to fail.");
+}
+
 char *tmp_ciphers = string_alloc(server_list, &gc_tmp);

 const char *token;
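
Review bot: The added msg() call is missing a space between two adjacent string literals: "(no --pull/--client" is followed directly by "option). ", so the logged text reads "--clientoption)". Add a trailing space to the first literal or a leading space to the second. Since the file header says this module was split out to be unit tested, a test that feeds peer info with IV_PROTO_NCP_P2P set through this path would also help confirm the check sits in the right place.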
diff --git a/src/openvpn/ssl_ncp.h b/src/openvpn/ssl_ncp.h
index d27ed24..de7a0e4 100644
--- a/src/openvpn/ssl_ncp.h
+++ b/src/openvpn/ssl_ncp.h
@@ -23,7 +23,7 @@
  */

 /**
- * @file Control Channel SSL/Data dynamic negotion Module
+ * @file Control Channel SSL/Data dynamic negotiation Module
  * This file is split from ssl.h to be able to unit test it.
  */


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/323?usp=email

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I85ae4e1167e1395b4f59d5d0ecf6c38befcaa8a7
Gerrit-Change-Number: 323
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-MessageType: newchange


[Openvpn-devel] [XS] Change in openvpn[master]: options: Do not hide variables from parent scope

2023-08-10 Thread plaisthos (Code Review)
Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/320?usp=email )

Change subject: options: Do not hide variables from parent scope


Patch Set 1: Code-Review+2


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/320?usp=email

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I9f9d0f0d5ab03f8cdfd7ba7200f2d56613cc586d
Gerrit-Change-Number: 320
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Thu, 10 Aug 2023 13:49:43 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment