Hi,
On Fri, Jun 16, 2017 at 12:01:03AM +0200, David Sommerseth wrote:
> > That still poses the question, is a plugin supposed to be able to alter the
> > environment presented to the auth-user-pass-verify script?
>
> You have discovered something I've not been thinking of. But yes,
> plug-ins c
From: Guido Vranken
Prevents that the client crashes if the peer does not specify
the 'realm' and/or 'nonce' values. These pointers are
dereferenced in DigestCalcHA1() and DigestCalcResponse();
hence, if not set, a null-pointer dereference would occur.
Signed-off-by: Guido Vranken
---
src/open
On 13/06/17 21:15, Selva Nair wrote:
On Tue, Jun 13, 2017 at 3:37 PM, Gert Doering wrote:
On Tue, Jun 13, 2017 at 03:33:35PM -0400, Selva Nair wrote:
Right :) But we could probably do better using Set instead of Add while
the address is set using the service. I'm not that familiar with ipa
> On 16 Jun 2017, at 06:01, David Sommerseth
> wrote:
> That said ... this needs to be changed, I think it makes sense to take
> some action to reduce this possibility. By manipulating pointers
> provided to you via the the plug-in interface, you can make the OpenVPN
> process crash and burn ..
On 15/06/17 18:11, Steven Haigh wrote:
> On Thursday, 15 June 2017 5:47:39 PM AEST Gert Doering wrote:
>> Hi,
>>
>> On Thu, Jun 15, 2017 at 12:50:40PM +1000, Steven Haigh wrote:
[...snip...]
>>
>> old:
>>
>> else
>> {
>> setenv_str(session->opt->es, "username", up->usern
On Thursday, 15 June 2017 5:47:39 PM AEST Gert Doering wrote:
> Hi,
>
> On Thu, Jun 15, 2017 at 12:50:40PM +1000, Steven Haigh wrote:
> > I'm just trying to figure out if its expected behaviour to have the
> > 'username' set in the environment when using the auth-user-pass-verify
> > script.
>
>
Hi Jeremie,
On Thu, Jun 15, 2017 at 2:04 PM, Jeremie Courreges-Anglas
wrote:
>
> Hi,
>
> fwiw, this builds fine against LibreSSL, which seems to provide some but
> not all of the functions for which you wrote fallback implementations.
> LibreSSL as shipped in OpenBSD-current, ie the development
On Thu, Jun 15, 2017 at 8:32 AM, David Sommerseth <
open...@sf.lists.topphemmelig.net> wrote:
> On 13/06/17 22:51, Selva Nair wrote:
> > It takes only a few line sof code to exploit this on XP -- I have not
> > been able to exploit this on Vista but not 100% sure it has been
> > fixed for good on
On 13/06/17 20:50, Samuli Seppänen wrote:
Hi,
If I'm not mistaken, this is the same or related problem to the one I
reported early on in 2.4.x release cycle. There might actually be a Trac
ticket for it.
I encountered the issue with the Powershell test suite
(openvpn-windows-test) which ran
On 13/06/17 22:51, Selva Nair wrote:
> It takes only a few line sof code to exploit this on XP -- I have not
> been able to exploit this on Vista but not 100% sure it has been
> fixed for good on Vista+.
But do we really care much for anything older than Win7 these days? For
v2.3, perhaps yes - b
Hi,
fwiw, this builds fine against LibreSSL, which seems to provide some but
not all of the functions for which you wrote fallback implementations.
LibreSSL as shipped in OpenBSD-current, ie the development version.
make check passes, openvpn seems to behave correctly in client mode.
--
jca |
Hi,
On Thu, Jun 15, 2017 at 12:50:40PM +1000, Steven Haigh wrote:
> I'm just trying to figure out if its expected behaviour to have the
> 'username' set in the environment when using the auth-user-pass-verify
> script.
The code in question (ssl_verify.c) is older than the involvement of
any of
12 matches
Mail list logo