Some OpenVPN clients (MikroTik router for example) do not send the peer info along with the key exchange. This patch makes the peer info string optional on the SoftEtherVPN side.
Suppose there is a TCP SYN or SYN-ACK packet taking options as:
02 04 05 b4 01 01 04 02 01 03 03 04
which is
Options: (12 bytes)
>Maximum segment size: 1460 bytes
>No-Operation (NOP)
>No-Operation (NOP)
>TCP SACK Permitted Option: True
>No-Operation (NOP)
>Window scale: 4 (multiply by 16)
Then the original parse function only returns MSS 1460 while WSS is 0.
[src/Cedar/Client.c:2184] -> [src/Cedar/Client.c:2187]: (warning) Either the condition 'rpc==0' is redundant or there is possible null pointer dereference: rpc.
[src/Cedar/Client.c:6032] -> [src/Cedar/Client.c:6035]: (warning) Either the condition 'ret!=0' is redundant or there is possible null pointer dereference: ret.
[src/Cedar/Connection.c:1041] -> [src/Cedar/Connection.c:1043]: (warning) Either the condition 's!=0' is redundant or there is possible null pointer dereference: s.
[src/Cedar/SM.c:875] -> [src/Cedar/SM.c:882]: (warning) Either the condition 'd==0' is redundant or there is possible null pointer dereference: d.
[src/Cedar/UdpAccel.c:119] -> [src/Cedar/UdpAccel.c:123]: (warning) Either the condition 'a==0' is redundant or there is possible null pointer dereference: a.
[src/Cedar/Virtual.c:2389] -> [src/Cedar/Virtual.c:2398]: (warning) Either the condition 'a==0' is redundant or there is possible null pointer dereference: a.
[src/Cedar/Virtual.c:4000] -> [src/Cedar/Virtual.c:4004]: (warning) Either the condition 'n==0' is redundant or there is possible null pointer dereference: n.
[src/Cedar/Virtual.c:4203] -> [src/Cedar/Virtual.c:4207]: (warning) Either the condition 'n==0' is redundant or there is possible null pointer dereference: n.
[src/Cedar/WebUI.c:1728] -> [src/Cedar/WebUI.c:1730]: (warning) Either the condition 'buf==0' is redundant or there is possible null pointer dereference: buf.
[src/Mayaqua/FileIO.c:383] -> [src/Mayaqua/FileIO.c:386]: (warning) Either the condition 'p==0' is redundant or there is possible null pointer dereference: p.
[src/Mayaqua/TcpIp.c:1837] -> [src/Mayaqua/TcpIp.c:1839]: (warning) Either the condition 'tcp!=0' is redundant or there is possible null pointer dereference: tcp.
[src/Cedar/Admin.c:11843] -> [src/Cedar/Admin.c:11845]: (warning) Either the condition 't==0' is redundant or there is possible null pointer dereference: t.
[src/Cedar/Admin.c:12316] -> [src/Cedar/Admin.c:12318]: (warning) Either the condition 'a==0' is redundant or there is possible null pointer dereference: a.
[src/Cedar/Admin.c:12576] -> [src/Cedar/Admin.c:12578]: (warning) Either the condition 't==0' is redundant or there is possible null pointer dereference: t.
[src/Cedar/Admin.c:12790] -> [src/Cedar/Admin.c:12792]: (warning) Either the condition 't==0' is redundant or there is possible null pointer dereference: t.
Due to DROWN (CVE-2016-0800), SSLv2 must be disabled by default. This is the most straight-forward way to ensure new installations are not vulnerable. The upgrade use case is not addressed by this PR, though I posted information to the forum: http://www.vpnusers.com/viewtopic.php?f=7&t=5596
This patch is made available under Contribution Option 1, to allow PacketiX to be fixed the same way.
