Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

2015-05-12 Thread David Sommerseth
On 12/05/15 16:41, Lisa Minogue wrote: >> "Jonathan K. Bullard" wrote: >> >> The openvpn_xorpatch which as introduced and discussed in this thread does >> have some vulnerabilities. >> >> Most of the vulnerabilities are null pointer dereferences or other errors >> when parsing the "scramble" opt

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

2015-05-12 Thread Lisa Minogue
> "Jonathan K. Bullard" wrote: > > The openvpn_xorpatch which as introduced and discussed in this thread does > have some vulnerabilities. > > Most of the vulnerabilities are null pointer dereferences or other errors > when parsing the "scramble" option or are triggered by unlikely values for >

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

2015-05-12 Thread Jonathan K. Bullard
On Tue, May 12, 2015 at 7:27 AM, Lisa Minogue wrote: > Can I conclude from your above statements that applying obfuscation > patches to the standard OpenVPN client software may actually introduce > security vulnerabilities? > The openvpn_xorpatch

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

2015-05-12 Thread Arne Schwabe
Am 12.05.15 um 13:27 schrieb Lisa Minogue: >> Arne Schwabe wrote: >> >> It has probably some obfuscation/encryption patches applied. There is no >> official obfuscation capability in OpenVPN yet since the core OpenVPN >> developers believe that such a mechansim should be either implemented in

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

2015-05-12 Thread Lisa Minogue
> Arne Schwabe wrote: > > It has probably some obfuscation/encryption patches applied. There is no > official obfuscation capability in OpenVPN yet since the core OpenVPN > developers believe that such a mechansim should be either implemented in a > plugin or other way (e.g., a proxy) that is f

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

2015-05-12 Thread Arne Schwabe
Am 12.05.15 um 09:59 schrieb Lisa Minogue: > Hi guys, > > I obtained a modified OpenVPN client software from a friend and wonder if any > of you would like to help review it for security vulnerabilities, design > flaws, incorrect implemention of code, etc... > > To the best of my knowledge, mod

[Openvpn-devel] Request peer review of modified OpenVPN client software

2015-05-12 Thread Lisa Minogue
Hi guys, I obtained a modified OpenVPN client software from a friend and wonder if any of you would like to help review it for security vulnerabilities, design flaws, incorrect implemention of code, etc... To the best of my knowledge, modifications include the ability to provide obfuscation an