Re: [Openvpn-devel] [PATCH] options: check for blanks in fingerprints and reject string if found

2021-04-26 Thread Arne Schwabe
On 22.04.21 at 01:49, Antonio Quartulli wrote:
> From: Antonio Quartulli 
> 
> A fingerprint is not expected to contains any blank (white space),
> howeveri, the parser routine will still attempt parsing the octect
> and ignore the space.
> 
> This means that a fingerprint like
> 5 
> :F0:A8:75:70:46:6E:0B:A2:31:53:88:0B:0E:8C:E4:8A:5E:BF:1E:08:16:16:41:63:2C:B5:F4:D2:73:9F:E5
> will be parsed successfully.
> 
> Explcitly check for spaces in the various octects, before conversion,
> and error out if any is found.

Explicitly

> 
> Signed-off-by: Antonio Quartulli 
> ---
>  src/openvpn/options.c | 12 
>  1 file changed, 12 insertions(+)
> 
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index 817a1533..264fe383 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -1099,6 +1099,18 @@ parse_hash_fingerprint(const char *str, int nbytes, 
> int msglevel, struct gc_aren
>  bs[0] = *cp++;
>  bs[1] = *cp++;
>  bs[2] = 0;
> +
> +/* the format string "%x" passed to sscanf will ignore any space and
> + * will still try to parse the other character. However, this is not
> + * expected format for a fingerprint, therefore explcitly check for

explicitly

> + * blanks in the string and error out if any is found
> + */
> +if (bs[0] == ' ' || bs[1] == ' ')
> +{
> +msg(msglevel, "format error in hash fingerprint unexpected 
> blank: %s",
> +str);
> +}
> +
>  byte = 0;
>  if (sscanf(bs, "%x", ) != 1)
>  {
> 
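Review bot: the new `if (bs[0] == ' ' || bs[1] == ' ')` branch only calls msg() and then falls through to `byte = 0;` and the sscanf() call, so whenever msg() returns at the given msglevel the octet containing the blank is still converted. The commit message says the string is rejected; an explicit failure return after the msg() call would make that hold regardless of msglevel.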

I would not have spent the time to fix this, but since Antonio has done it:

Acked-By: Arne Schwabe 


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


[Openvpn-devel] [PATCH] options: check for blanks in fingerprints and reject string if found

2021-04-21 Thread Antonio Quartulli
From: Antonio Quartulli 

A fingerprint is not expected to contain any blank (white space),
however, the parser routine will still attempt parsing the octet
and ignore the space.

This means that a fingerprint like
5 :F0:A8:75:70:46:6E:0B:A2:31:53:88:0B:0E:8C:E4:8A:5E:BF:1E:08:16:16:41:63:2C:B5:F4:D2:73:9F:E5
will be parsed successfully.

Explicitly check for spaces in the various octets, before conversion,
and error out if any is found.

Signed-off-by: Antonio Quartulli 
---
 src/openvpn/options.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 817a1533..264fe383 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1099,6 +1099,18 @@ parse_hash_fingerprint(const char *str, int nbytes, int 
msglevel, struct gc_aren
 bs[0] = *cp++;
 bs[1] = *cp++;
 bs[2] = 0;
+
+/* the format string "%x" passed to sscanf will ignore any space and
+ * will still try to parse the other character. However, this is not
+ * expected format for a fingerprint, therefore explcitly check for
+ * blanks in the string and error out if any is found
+ */
+if (bs[0] == ' ' || bs[1] == ' ')
+{
+msg(msglevel, "format error in hash fingerprint unexpected blank: 
%s",
+str);
+}
+
 byte = 0;
 if (sscanf(bs, "%x", ) != 1)
 {
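Review bot: the test `bs[0] == ' ' || bs[1] == ' '` rejects only the space character, while "%x" also skips tabs and other white space and accepts a leading sign, so an octet made of a tab or '+' followed by one hex digit still converts. Checking both characters with isxdigit() before the sscanf() call would cover every non-hex character; the "explcitly" typo in the new comment could be fixed in the same pass.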
-- 
2.26.3
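
The "%x" behaviour described in the commit message, next to a strict octet check, as an added example that is not part of the patch or of OpenVPN's code. `lenient_octet` and `strict_fingerprint` are hypothetical helpers, and the 4-octet sample strings are constructed.

```c
#include <ctype.h>
#include <stdio.h>

/* Lenient octet parse: two characters handed to "%x", as in the hunk's context. */
static int lenient_octet(const char *two, unsigned int *out)
{
    char bs[3] = { two[0], two[1], 0 };
    return sscanf(bs, "%x", out) == 1;
}

/* Hypothetical strict parser: exactly nbytes "HH" pairs joined by ':'.
 * Returns 0 on success, -1 on anything else. */
static int strict_fingerprint(const char *str, unsigned char *out, size_t nbytes)
{
    const char *cp = str;
    for (size_t i = 0; i < nbytes; i++)
    {
        /* Rejects blanks, tabs, signs, ':' and an early NUL before conversion. */
        if (!isxdigit((unsigned char)cp[0]) || !isxdigit((unsigned char)cp[1]))
        {
            return -1;
        }
        char bs[3] = { cp[0], cp[1], 0 };
        unsigned int byte = 0;
        if (sscanf(bs, "%x", &byte) != 1)
        {
            return -1;
        }
        out[i] = (unsigned char)byte;
        cp += 2;
        if (i + 1 < nbytes && *cp++ != ':')
        {
            return -1;
        }
    }
    return *cp == '\0' ? 0 : -1;
}

int main(void)
{
    /* Constructed 4-octet samples, not real fingerprints. */
    const char *samples[] = { "5A:F0:A8:75", "5 :F0:A8:75", " 5:F0:A8:75", "+5:F0:A8:75" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    {
        unsigned int first = 0;
        unsigned char fp[4];
        printf("%-14s lenient=%d strict=%d\n", samples[i],
               lenient_octet(samples[i], &first), strict_fingerprint(samples[i], fp, 4));
    }
    return 0;
}
```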


