Fix Vulnerability: CVE-2023-27395 TALOS-2023-1735
SoftEther VPN vpnserver WpcParsePacket () heap-based buffer overflow vulnerability https://www.softether.org/9-about/News/904-SEVPN202301 https://jvn.jp/en/jp/JVN64316789/
parent
18dc2621ec
commit
b8e542105f
@ -541,13 +541,9 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Format(url2, sizeof(url2), "%s?v=%I64u", url, Rand64());
|
Format(url2, sizeof(url2), "%s?v=%I64u", url, Rand64());
|
||||||
Format(url3, sizeof(url3), url2, key_hash_str[2], key_hash_str[3]);
|
Format(url3, sizeof(url3), url2, key_hash_str[2], key_hash_str[3]);
|
||||||
|
|
||||||
ReplaceStr(url3, sizeof(url3), url3, "https://", "http://");
|
|
||||||
|
|
||||||
ReplaceStr(url3, sizeof(url3), url3, ".servers", ".open.servers");
|
ReplaceStr(url3, sizeof(url3), url3, ".servers", ".open.servers");
|
||||||
|
|
||||||
cert_hash = StrToBin(DDNS_CERT_HASH);
|
cert_hash = StrToBin(DDNS_CERT_HASH);
|
||||||
|
@ -313,8 +313,16 @@ BUF *WpcDataEntryToBuf(WPC_ENTRY *e)
|
|||||||
}
|
}
|
||||||
|
|
||||||
data_size = e->Size + 4096;
|
data_size = e->Size + 4096;
|
||||||
data = Malloc(data_size);
|
data = ZeroMalloc(data_size);
|
||||||
|
|
||||||
|
if (e->Size >= 1)
|
||||||
|
{
|
||||||
size = DecodeSafe64(data, e->Data, e->Size);
|
size = DecodeSafe64(data, e->Data, e->Size);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
size = 0;
|
||||||
|
}
|
||||||
|
|
||||||
b = NewBuf();
|
b = NewBuf();
|
||||||
WriteBuf(b, data, size);
|
WriteBuf(b, data, size);
|
||||||
|
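Review bot: The new `if (e->Size >= 1)` guard around `DecodeSafe64(data, e->Data, e->Size)` has no comment explaining why a zero-length entry must bypass the decoder, so a later cleanup could easily fold the branch away again. I would add a comment above it such as `/* Size == 0 must not reach DecodeSafe64: a zero length is presumably treated as "measure the string", and e->Data is not guaranteed to be terminated */`, after confirming that against DecodeSafe64 itself. Separately, `data_size = e->Size + 4096` can wrap if `e->Size` is an unsigned 32-bit value taken from the received packet, and the decoder is never told `data_size`. Unless a caller already enforces an upper bound on `e->Size`, rejecting oversized entries before the allocation would close that gap. The body of WpcDataEntryToBuf starts and ends outside this hunk.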