Menu
▾
▴
[Openvpn-devel] [XS] Change in openvpn[master]: Prevent crash on invalid server-ipv6 argument
|
From: cron2 (C. Review) <ge...@op...> - 2025-12-08 11:34:19
|
cron2 has uploaded a new patch set (#3) to the change originally created by klemens. ( http://gerrit.openvpn.net/c/openvpn/+/1418?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Prevent crash on invalid server-ipv6 argument ...................................................................... Prevent crash on invalid server-ipv6 argument `get_addr_generic()` expects `openvpn_getaddrinfo()` to return a newly allocated struct, but getaddrinfo(3) failure leaves `*ai = NULL` as-is. On OpenBSD, unlike free(3), freegetaddrinfo(3) requires a valid struct, thus callers must check the argument to avoid NULL-deref or double-free: ``` $ openvpn --server-ipv6 '' 2025-12-06 11:59:18 RESOLVE: Cannot resolve host address: :[AF_INET6] (no address associated with name) Segmentation fault (core dumped) ``` Guard against empty `ai`, i.e. failure, like similar code already does: ``` $ ./openvpn --server-ipv6 '' 2025-12-06 12:05:11 RESOLVE: Cannot resolve host address: :[AF_INET6] (no address associated with name) Options error: error parsing --server-ipv6 parameter Use --help for more information. ``` Spotted through a configuration typo "server-ipv6 fd00:/64" with 2.6.17, reproduced with and tested against 2.7rc3 on OpenBSD/amd64 7.8-current. NB: Standards are unclear wrt. freeaddrinfo(3)'s NULL handling; Linux, FreeBSD and illumos do check it and thus not crash. Github: fixes OpenVPN/openvpn#930 Change-Id: I99a6604fdfc682f9609bfe7672aa78285084dcb9 Signed-off-by: Klemens Nanni <kn...@op...> Acked-by: Gert Doering <ge...@gr...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1418 Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg34870.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/socket.c 1 file changed, 4 insertions(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/18/1418/3 diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 46bedf4..80c2895 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -189,7 +189,10 @@ *sep = '/'; } out: - freeaddrinfo(ai); + if (ai) + { + freeaddrinfo(ai); + } free(var_host); return ret; -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1418?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I99a6604fdfc682f9609bfe7672aa78285084dcb9 Gerrit-Change-Number: 1418 Gerrit-PatchSet: 3 Gerrit-Owner: klemens <kn...@op...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> |
