mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2026-04-21 06:19:25 +03:00

Fix Vulnerability: CVE-2023-25774 TALOS-2023-1743

SoftEther VPN vpnserver ConnectionAccept () denial of service vulnerability
Daiyuu Nobori
2023-10-09 17:13:41 +02:00
committed by Davide Beatrici
parent 3b932f5fee
commit 35077deaf1
5 changed files with 309 additions and 10 deletions
+2 -10
@@ -726,9 +726,8 @@ void AdminWebProcPost(CONNECTION *c, SOCK *s, HTTP_HEADER *h, UINT post_data_siz
if (RecvAll(s, data, post_data_size, s->SecureMode))
{
c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
// Divide url_target into URL and query string
StrCpy(url, sizeof(url), url_target);
@@ -767,9 +766,8 @@ void AdminWebProcGet(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target)
}
c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
// Divide url_target into URL and query string
StrCpy(url, sizeof(url), url_target);
@@ -1199,9 +1197,7 @@ void JsonRpcProcOptions(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target
c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
AdminWebSendBody(s, 200, "OK", NULL, 0, NULL, NULL, NULL, h);
}
@@ -1228,9 +1224,7 @@ void JsonRpcProcGet(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target)
c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
// Divide url_target into URL and query string
StrCpy(url, sizeof(url), url_target);
@@ -1357,9 +1351,7 @@ void JsonRpcProcPost(CONNECTION *c, SOCK *s, HTTP_HEADER *h, UINT post_data_size
c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
if (json_req == NULL || json_req_object == NULL)
{
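Review bot: In JsonRpcProcOptions, JsonRpcProcGet and JsonRpcProcPost the now-unconditional `RemoveDosEntry(c->Listener, s);` follows `c->JsonRpcAuthed = true;` with no credential check visible in the hunk context, so it should be confirmed that a request which has not yet authenticated cannot clear its own entry in the listener's DoS accounting. All five function bodies start outside their hunks, so the check may simply sit above the visible lines; if it does not, the call belongs after authentication succeeds. Once that is confirmed, each site would benefit from a one-line comment stating the precondition, for example `// Past the admin auth check: stop counting this socket against the listener's DoS limit`. The same two statements are now repeated at five call sites (also AdminWebProcPost and AdminWebProcGet), so a small static helper would keep them from drifting apart.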