mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-12-26 01:59:53 +03:00
Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability https://www.softether.org/9-about/News/904-SEVPN202301 https://jvn.jp/en/jp/JVN64316789/
This commit is contained in:
parent
b8e542105f
commit
c49e462ed1
@ -43,7 +43,7 @@
|
||||
#define DDNS_URL2_V4_ALT "http://get-my-ip.ddns.uxcom.jp/ddns/getmyip.ashx"
|
||||
#define DDNS_URL2_V6_ALT "http://get-my-ip-v6.ddns.uxcom.jp/ddns/getmyip.ashx"
|
||||
|
||||
#define DDNS_RPC_MAX_RECV_SIZE DYN32(DDNS_RPC_MAX_RECV_SIZE, (128 * 1024 * 1024))
|
||||
#define DDNS_RPC_MAX_RECV_SIZE DYN32(DDNS_RPC_MAX_RECV_SIZE, (38 * 1024 * 1024))
|
||||
|
||||
// Connection Timeout
|
||||
#define DDNS_CONNECT_TIMEOUT DYN32(DDNS_CONNECT_TIMEOUT, (15 * 1000))
|
||||
|
@ -3114,6 +3114,10 @@ void AdjustBufSize(BUF *b, UINT new_size)
|
||||
|
||||
while (b->SizeReserved < new_size)
|
||||
{
|
||||
if (b->SizeReserved > 0x7FFFFFFF)
|
||||
{
|
||||
AbortExitEx("AdjustBufSize(): too large buffer size");
|
||||
}
|
||||
b->SizeReserved = b->SizeReserved * 2;
|
||||
}
|
||||
b->Buf = ReAlloc(b->Buf, b->SizeReserved);
|
||||
|
@ -1191,7 +1191,9 @@ void RUDPProcess_NatT_Recv(RUDP_STACK *r, UDPPACKET *udp)
|
||||
bool is_ok = PackGetBool(p, "ok");
|
||||
UINT64 tran_id = PackGetInt64(p, "tran_id");
|
||||
|
||||
ExtractAndApplyDynList(p);
|
||||
// This ExtractAndApplyDynList() calling was removed because it is not actually used and could be abused by
|
||||
// illegal UDP packets that spoof the source IP address. 2023-6-14 Daiyuu Nobori
|
||||
// ExtractAndApplyDynList(p);
|
||||
|
||||
if (r->ServerMode)
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user