From b8e542105f748b88e518a969c2189eca2e92f7dd Mon Sep 17 00:00:00 2001
From: Daiyuu Nobori
Date: Thu, 28 Sep 2023 18:24:12 +0900
Subject: [PATCH] Fix Vulnerability: CVE-2023-27395 TALOS-2023-1735 SoftEther VPN vpnserver WpcParsePacket () heap-based buffer overflow vulnerability https://www.softether.org/9-about/News/904-SEVPN202301 https://jvn.jp/en/jp/JVN64316789/
---
 src/Cedar/DDNS.c | 4 ----
 src/Cedar/Wpc.c | 12 ++++++++++--
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/Cedar/DDNS.c b/src/Cedar/DDNS.c
index 87cd49f1..486c3bfe 100644
--- a/src/Cedar/DDNS.c
+++ b/src/Cedar/DDNS.c
@@ -541,13 +541,9 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
 } } - - Format(url2, sizeof(url2), "%s?v=%I64u", url, Rand64()); Format(url3, sizeof(url3), url2, key_hash_str[2], key_hash_str[3]); - ReplaceStr(url3, sizeof(url3), url3, "https://", "http://"); - ReplaceStr(url3, sizeof(url3), url3, ".servers", ".open.servers"); cert_hash = StrToBin(DDNS_CERT_HASH);
diff --git a/src/Cedar/Wpc.c b/src/Cedar/Wpc.c
index 64e8a952..c53a32aa 100644
--- a/src/Cedar/Wpc.c
+++ b/src/Cedar/Wpc.c
@@ -313,8 +313,16 @@ BUF *WpcDataEntryToBuf(WPC_ENTRY *e)
 }
 data_size = e->Size + 4096;
- data = Malloc(data_size);
- size = DecodeSafe64(data, e->Data, e->Size);
+ data = ZeroMalloc(data_size);
+
+ if (e->Size >= 1)
+ {
+ size = DecodeSafe64(data, e->Data, e->Size);
+ }
+ else
+ {
+ size = 0;
+ }
 b = NewBuf();
 WriteBuf(b, data, size);
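Review bot: The new `if (e->Size >= 1)` branch in WpcDataEntryToBuf has no comment saying why a zero length must not reach DecodeSafe64, and the guard sits at this one call site rather than in the decoder. If DecodeSafe64 derives the input length itself when passed 0 (its body is not in this patch), any other caller that hands it externally supplied data needs the same check, so those callers should be audited or the test moved into the decoder. Above the branch I would add `// A zero Size must never be passed to DecodeSafe64 (CVE-2023-27395)`. Separately, `data_size = e->Size + 4096` is computed with no upper bound on e->Size visible in the hunk; if Size is a 32-bit unsigned value the sum can wrap, so a limit check ahead of the allocation would be prudent. The function starts and ends outside the hunk.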