1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-12-26 01:59:53 +03:00

Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736

SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
This commit is contained in:
Daiyuu Nobori 2023-09-28 18:26:17 +09:00
parent b8e542105f
commit c49e462ed1
3 changed files with 8 additions and 2 deletions

View File

@ -43,7 +43,7 @@
#define DDNS_URL2_V4_ALT "http://get-my-ip.ddns.uxcom.jp/ddns/getmyip.ashx"
#define DDNS_URL2_V6_ALT "http://get-my-ip-v6.ddns.uxcom.jp/ddns/getmyip.ashx"
#define DDNS_RPC_MAX_RECV_SIZE DYN32(DDNS_RPC_MAX_RECV_SIZE, (128 * 1024 * 1024))
#define DDNS_RPC_MAX_RECV_SIZE DYN32(DDNS_RPC_MAX_RECV_SIZE, (38 * 1024 * 1024))
// Connection Timeout
#define DDNS_CONNECT_TIMEOUT DYN32(DDNS_CONNECT_TIMEOUT, (15 * 1000))

View File

@ -3114,6 +3114,10 @@ void AdjustBufSize(BUF *b, UINT new_size)
while (b->SizeReserved < new_size)
{
if (b->SizeReserved > 0x7FFFFFFF)
{
AbortExitEx("AdjustBufSize(): too large buffer size");
}
b->SizeReserved = b->SizeReserved * 2;
}
b->Buf = ReAlloc(b->Buf, b->SizeReserved);

View File

@ -1191,7 +1191,9 @@ void RUDPProcess_NatT_Recv(RUDP_STACK *r, UDPPACKET *udp)
bool is_ok = PackGetBool(p, "ok");
UINT64 tran_id = PackGetInt64(p, "tran_id");
ExtractAndApplyDynList(p);
// This ExtractAndApplyDynList() calling was removed because it is not actually used and could be abused by
// illegal UDP packets that spoof the source IP address. 2023-6-14 Daiyuu Nobori
// ExtractAndApplyDynList(p);
if (r->ServerMode)
{