mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 17:39:53 +03:00

src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos

TALOS-2023-1741
CVE-2023-23581

SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service
vulnerability

A denial of service vulnerability exists in the vpnserver
EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and
5.02. A specially-crafted network packet can lead to denial of service.
Ilya Shipitsin 2023-04-21 22:38:22 +02:00
parent 22c602f630
commit df6df007a3


@ -2062,11 +2062,11 @@ void EnSafeHttpHeaderValueStr(char *str, char replace)
length = StrLen(str); length = StrLen(str);
while (index < length) while (index < length)
{ {
if (str[index] == '\r' || str[index] == '\n') if ((str[index] == '\r' || str[index] == '\n') && length - index > 1)
{ {
if (replace == ' ') if (replace == ' ')
{ {
Move(&str[index], &str[index + 1], length - index); Move(&str[index], &str[index + 1], length - index - 1);
} }
else else
{ {
@ -2075,12 +2075,12 @@ void EnSafeHttpHeaderValueStr(char *str, char replace)
} }
else if (str[index] == '\\') else if (str[index] == '\\')
{ {
if (str[index + 1] == 'r' || str[index + 1] == 'n') if ((str[index + 1] == 'r' || str[index + 1] == 'n') && length - index > 2)
{ {
if (replace == ' ') if (replace == ' ')
{ {
Move(&str[index], &str[index + 2], length - index); Move(&str[index], &str[index + 2], length - index - 2);
index--; index++;
} }
else else
{ {
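Review bot: The new `length - index > 1` guard on the CR/LF test leaves a carriage return or line feed that is the last character of the string untouched in both replace modes, so a sanitised header value can still end in a line break; the `length - index > 2` guard does the same for a trailing backslash-`r` or backslash-`n` pair. The shortened Move counts also stop one byte short of the terminator, so, assuming Move copies like memmove and `length` is not reduced in the lines outside the hunks, the string keeps its old length with its tail bytes duplicated. Counts that include the terminator stay in bounds without any guard: `Move(&str[index], &str[index + 1], length - index); length--;` and `Move(&str[index], &str[index + 2], length - index - 1); length -= 2;`. The `index++` after the second Move, together with the loop increment that appears to sit outside the hunk, skips the characters shifted into place, so a CR or LF that directly follows a removed escape is never examined; the same index should be re-checked after each removal. The function's start and end are outside the hunks shown.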