Fix Vulnerability: CVE-2023-27395 TALOS-2023-1735

SoftEther VPN vpnserver WpcParsePacket () heap-based buffer overflow vulnerability https://www.softether.org/9-about/News/904-SEVPN202301 https://jvn.jp/en/jp/JVN64316789/
2025-07-17 21:24:57 +03:00 · 2023-09-28 18:24:12 +09:00
parent 18dc2621ec
commit b8e542105f
2 changed files with 10 additions and 6 deletions
--- a/src/Cedar/Wpc.c
+++ b/src/Cedar/Wpc.c
@ -313,8 +313,16 @@ BUF *WpcDataEntryToBuf(WPC_ENTRY *e)
 	}

 	data_size = e->Size + 4096;
-	data = Malloc(data_size);
-	size = DecodeSafe64(data, e->Data, e->Size);
+	data = ZeroMalloc(data_size);
+
+	if (e->Size >= 1)
+	{
+		size = DecodeSafe64(data, e->Data, e->Size);
+	}
+	else
+	{
+		size = 0;
+	}

 	b = NewBuf();
 	WriteBuf(b, data, size);