1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 17:39:53 +03:00

Fix Vulnerability: CVE-2023-27395 TALOS-2023-1735

SoftEther VPN vpnserver WpcParsePacket () heap-based buffer overflow vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
This commit is contained in:
Daiyuu Nobori 2023-09-28 18:24:12 +09:00
parent 18dc2621ec
commit b8e542105f
2 changed files with 10 additions and 6 deletions

View File

@ -541,13 +541,9 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
} }
} }
Format(url2, sizeof(url2), "%s?v=%I64u", url, Rand64()); Format(url2, sizeof(url2), "%s?v=%I64u", url, Rand64());
Format(url3, sizeof(url3), url2, key_hash_str[2], key_hash_str[3]); Format(url3, sizeof(url3), url2, key_hash_str[2], key_hash_str[3]);
ReplaceStr(url3, sizeof(url3), url3, "https://", "http://");
ReplaceStr(url3, sizeof(url3), url3, ".servers", ".open.servers"); ReplaceStr(url3, sizeof(url3), url3, ".servers", ".open.servers");
cert_hash = StrToBin(DDNS_CERT_HASH); cert_hash = StrToBin(DDNS_CERT_HASH);

View File

@ -313,8 +313,16 @@ BUF *WpcDataEntryToBuf(WPC_ENTRY *e)
} }
data_size = e->Size + 4096; data_size = e->Size + 4096;
data = Malloc(data_size); data = ZeroMalloc(data_size);
if (e->Size >= 1)
{
size = DecodeSafe64(data, e->Data, e->Size); size = DecodeSafe64(data, e->Data, e->Size);
}
else
{
size = 0;
}
b = NewBuf(); b = NewBuf();
WriteBuf(b, data, size); WriteBuf(b, data, size);