mirror of
https://github.com/OpenVPN/openvpn.git
synced 2025-05-08 21:25:53 +08:00
d3015bfd65
This fixes an internal server error condition that can be triggered by a malicous authenticated client, a very unlucky corruption of packets in transit or by an attacker that is able to inject a specially created packet at the right time and is able to observe the traffic to construct the packet. The error condition results in an ASSERT statement being triggered, NOTE: due to the security sensitive nature, this patch was prepared under embargo on the security@openvpn.net mailing list, and thus has no publically available "mailing list discussion before merge" URL. CVE: 2025-2704 Change-Id: I07c1352204d308e5bde5f0b85e561a5dd0bc63c8 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <385d88f0-d7c9-4330-82ff-9f5931183afd@rfc2549.org> Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 82ee2fe4b42d9988c59ae3f83bd56a54d54e8c76)