Change in osmo-sysmon[master]: openvpn: String returned from openvpn is not null-terminated

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Pau Espin Pedrol gerrit-no-reply at lists.osmocom.org
Fri Mar 15 23:38:44 UTC 2019


Pau Espin Pedrol has submitted this change and it was merged. ( https://gerrit.osmocom.org/13284 )

Change subject: openvpn: String returned from openvpn is not null-terminated
......................................................................

openvpn: String returned from openvpn is not null-terminated

wireshark shows strings returned by OpenVPN management interface as an
aswer to "state" cmd contain no null character at the end. As a
consequence, osmo_strlcpy cannot be used since it calls strlen() on the
source.
Probably previous implementation was harmless because we zero-fill msgb
buffers prior to filling them.

Change-Id: I4356dc08324a6d877c9e8112306570aabbf6e777
---
M src/osysmon_openvpn.c
1 file changed, 5 insertions(+), 3 deletions(-)

Approvals:
  Jenkins Builder: Verified
  Harald Welte: Looks good to me, approved



diff --git a/src/osysmon_openvpn.c b/src/osysmon_openvpn.c
index d9e38f0..5ca0c83 100644
--- a/src/osysmon_openvpn.c
+++ b/src/osysmon_openvpn.c
@@ -65,9 +65,10 @@
 	char *tok;
 	unsigned int i = 0;
 	uint8_t *m = msgb_data(msg);
+	unsigned int truncated_len = OSMO_MIN(sizeof(tmp) - 1, msgb_length(msg));
 
-	if (msgb_length(msg) > 128)
-		OVPN_LOG(msg, vpn, "received message too long (%d > %u), truncating...\n", msgb_length(msg), 128);
+	if (msgb_length(msg) > truncated_len)
+		OVPN_LOG(msg, vpn, "received message too long (%d >= %u), truncating...\n", msgb_length(msg), truncated_len);
 
 	if (msgb_length(msg) > 0) {
 		if (!isdigit(m[0])) /* skip OpenVPN greetings and alike */
@@ -77,7 +78,8 @@
 		return NULL;
 	}
 
-	OSMO_STRLCPY_ARRAY(tmp, (char *)m);
+	memcpy(tmp, m, truncated_len);
+	tmp[truncated_len] = '\0';
 
 	for (tok = strtok(tmp, ","); tok && i < MAX_RESP_COMPONENTS; tok = strtok(NULL, ",")) {
 		/* The string format is documented in https://openvpn.net/community-resources/management-interface/ */

-- 
To view, visit https://gerrit.osmocom.org/13284
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-sysmon
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I4356dc08324a6d877c9e8112306570aabbf6e777
Gerrit-Change-Number: 13284
Gerrit-PatchSet: 1
Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder (1000002)
Gerrit-Reviewer: Pau Espin Pedrol <pespin at sysmocom.de>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190315/0320432a/attachment.htm>


More information about the gerrit-log mailing list