1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-26 19:39:53 +03:00

Proto_OpenVPN.c: fix segmentation fault in OvsProceccRecvPacket()

OvsDecrypt() returns 0 when it fails, resulting in "size" rolling over with an end result of 4294967292.

This commit fixes the issue by checking whether "size" is greater than sizeof(UINT) before performing the subtraction.
This commit is contained in:
Davide Beatrici 2019-10-26 00:36:07 +02:00
parent 79a60bc5f0
commit 16bde47763

View File

@ -681,11 +681,13 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p)
{ {
// Decrypt // Decrypt
size = OvsDecrypt(c->CipherDecrypt, c->MdRecv, c->IvRecv, data, recv_packet->Data, recv_packet->DataSize); size = OvsDecrypt(c->CipherDecrypt, c->MdRecv, c->IvRecv, data, recv_packet->Data, recv_packet->DataSize);
if (size > sizeof(UINT))
{
// Seek buffer after the packet ID // Seek buffer after the packet ID
data += sizeof(UINT); data += sizeof(UINT);
size -= sizeof(UINT); size -= sizeof(UINT);
} }
}
// Update of last communication time // Update of last communication time
se->LastCommTick = s->Now; se->LastCommTick = s->Now;