Hi,
On 17 September 2016 at 14:53, Lev Stipakov <lstipa...@gmail.com> wrote:
> From: Lev Stipakov <lev.stipa...@f-secure.com>
>
> v3:
> * move assert outside of loop
> * add max-clients value check to options
>
> [...]
>
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -5893,6 +5893,11 @@ add_option (struct options *options,
> msg (msglevel, "--max-clients must be at least 1");
> goto err;
> }
> + if (max_clients >= 0xFFFFFF) /* max peer-id value */
> + {
> + msg (msglevel, "--max-clients must be less than 0xFFFFFF");
> + goto err;
> + }
> options->max_clients = max_clients;
> }
> else if (streq (p[0], "max-routes-per-client") && p[1] && !p[2])
Thanks. One more nitpick though. There are quite some occurrences of
0xFFFFFF now. I think a #define MAX_PEER_ID 0xFFFFFF is warranted.
And if you do so, please change to error message to print the decimal
value, since that is also how we expect users to specify the
--max-clients argument.
-Steffan
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
