Steffan Karger a9f5c744d6
Fix bounds check in read_key()
The bounds check in read_key() was performed after using the value, instead
of before.  If 'key-method 1' is used, this allowed an attacker to send a
malformed packet to trigger a stack buffer overflow.

Fix this by moving the input validation to before the writes.

Note that 'key-method 1' has been replaced by 'key-method 2' as the default
in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4
and marked for removal in 2.5.  This should limit the number of users
impacted by this issue.

CVE: 2017-12166
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com>
URL: https://www.mail-archive.com/search?l=mid&q=80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com
Signed-off-by: David Sommerseth <davids@openvpn.net>
(cherry picked from commit fce34375295151f548a26c2d0eb30141e427c81a)
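The ordering problem the commit describes, shown as an added example written for this page. It is not OpenVPN's read_key(), does not use the real key-method 1 wire format, and the layout, MAX_KEY_LEN, the struct and every function name below are constructed for illustration. read_key_flawed() keeps the destination-size check after the memcpy(), read_key_fixed() moves it in front of every write, and the two demo functions show that a well-formed packet parses the same either way while an oversized length byte is rejected by the fixed version with the destination untouched.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed key-buffer size chosen for this example. */
#define MAX_KEY_LEN 64

/* Destination: two fixed-size key buffers, typically on the caller's stack. */
struct key_pair {
    uint8_t cipher[MAX_KEY_LEN];
    uint8_t hmac[MAX_KEY_LEN];
    size_t cipher_len, hmac_len;
};

/* Constructed layout: [1 byte clen][clen bytes][1 byte hlen][hlen bytes] */

/* Flawed ordering: the destination-size check runs after memcpy(), so a length
 * byte larger than MAX_KEY_LEN is copied before it is rejected (never fed here). */
static bool read_key_flawed(struct key_pair *out, const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    if (len < 1) return false;
    size_t clen = buf[pos++];
    if (len - pos < clen) return false;        /* packet length is checked ... */
    memcpy(out->cipher, buf + pos, clen);      /* ... but the buffer size is not, yet */
    pos += clen;
    if (clen > MAX_KEY_LEN) return false;      /* too late: the write already happened */

    if (len - pos < 1) return false;
    size_t hlen = buf[pos++];
    if (len - pos < hlen) return false;
    memcpy(out->hmac, buf + pos, hlen);        /* same defect for the second field */
    if (hlen > MAX_KEY_LEN) return false;

    out->cipher_len = clen;
    out->hmac_len = hlen;
    return true;
}

/* Fixed ordering: both lengths are validated against the packet and the
 * destination before the first byte is written, so *out stays untouched on error. */
static bool read_key_fixed(struct key_pair *out, const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    if (len < 1) return false;
    size_t clen = buf[pos++];
    if (clen > MAX_KEY_LEN || len - pos < clen) return false;

    size_t rest = len - pos - clen;            /* bytes after the cipher field */
    if (rest < 1) return false;
    size_t hlen = buf[pos + clen];
    if (hlen > MAX_KEY_LEN || rest - 1 < hlen) return false;

    /* Only now, with both lengths known to fit, do the writes happen. */
    memcpy(out->cipher, buf + pos, clen);
    memcpy(out->hmac, buf + pos + clen + 1, hlen);
    out->cipher_len = clen;
    out->hmac_len = hlen;
    return true;
}

/* Builds a constructed packet with filler payload; returns 0 if cap is too small. */
static size_t build_key_packet(uint8_t *dst, size_t cap, uint8_t clen, uint8_t hlen)
{
    size_t need = 2 + (size_t)clen + hlen;
    if (cap < need) return 0;
    dst[0] = clen;
    memset(dst + 1, 0x11, clen);
    dst[1 + clen] = hlen;
    memset(dst + 2 + clen, 0x22, hlen);
    return need;
}

/* A well-formed packet parses identically under both orderings. */
static bool valid_packet_parses_both_ways(void)
{
    uint8_t pkt[512];
    struct key_pair a, b;
    size_t n = build_key_packet(pkt, sizeof pkt, 16, 20);
    if (n != 38) return false;
    if (!read_key_flawed(&a, pkt, n) || !read_key_fixed(&b, pkt, n)) return false;
    return a.cipher_len == 16 && b.cipher_len == 16 &&
           a.hmac_len == 20 && b.hmac_len == 20 &&
           memcmp(a.hmac, b.hmac, 20) == 0 && b.hmac[0] == 0x22;
}

/* The fix: clen = 200 (> MAX_KEY_LEN) is rejected and the 0xAA fill survives. */
static bool oversized_packet_rejected_without_write(void)
{
    uint8_t pkt[512];
    struct key_pair kp;
    size_t n = build_key_packet(pkt, sizeof pkt, 200, 20);
    memset(&kp, 0xAA, sizeof kp);
    if (n == 0 || read_key_fixed(&kp, pkt, n)) return false;
    for (size_t i = 0; i < sizeof kp.cipher; i++)
        if (kp.cipher[i] != 0xAA) return false;
    return true;
}
```

The fixed version validates every length field before any copy rather than interleaving check and write per field; besides closing the overflow, that leaves the caller's struct in its original state on any rejection, which makes the failure path easier to reason about.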

OpenVPN -- A Secure tunneling daemon

Copyright (C) 2002-2010 OpenVPN Technologies, Inc.  This program is free
software; you can redistribute it and/or modify it under the terms of the
GNU General Public License version 2 as published by the Free Software
Foundation.

*************************************************************************

For the latest version of OpenVPN, go to:

	http://openvpn.net/

To Build and Install,

	./configure
	make
	make install

or see the file INSTALL for more info.

*************************************************************************

For detailed information on OpenVPN, including examples, see the man page
  http://openvpn.net/man.html

For a sample VPN configuration, see
  http://openvpn.net/howto.html

For a description of OpenVPN's underlying protocol,
  see the file ssl.h included in the source distribution.

*************************************************************************

Other Files & Directories:

* INSTALL-win32.txt -- installation instructions
  for Windows

* configure.ac -- script to rebuild our configure
  script and makefile.

* openvpn.spec -- RPM Spec file
  To build an OpenVPN binary RPM, use the command:

	rpmbuild -tb [tarball]

  When you install the binary RPM, it will automatically
  install sample-scripts/openvpn.init (see below)

* sample-scripts/openvpn.init

  A sample init script for OpenVPN.  See the file for
  comments and additional information.

* sample-scripts/verify-cn

  A sample Perl script which can be used with OpenVPN's
  --tls-verify option to provide a customized authentication
  test on embedded X.509 certificate fields.

* sample-keys/

  Sample RSA keys and certificates.  DON'T USE THESE FILES
  FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.

* sample-config-files/

  A collection of OpenVPN config files and scripts from
  the HOWTO at http://openvpn.net/howto.html

* easy-rsa/

  A simple guide to RSA key management, scripts included.
  Also see http://openvpn.net/easyrsa.html