mirror of
https://github.com/OpenVPN/openvpn.git
synced 2025-05-09 05:31:05 +08:00
fc61d1bda1
Correct sanity checks on IPv6 packet length in mss_fixup_ipv6(), and change the ASSERT() check in mss_fixup_dowork() into a simple "return" (= the TCP header will simply not be inspected further). CVE-2017-7508 has been assigned due to the serious nature of the bug: it can be used to remotely shutdown an openvpn server or client, if IPv6 and --mssfix are enabled and the IPv6 networks used inside the VPN are known. Found by Guido Vranken <guidovranken@gmail.com>. v2: style changes CVE: 2017-7508 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <20170613200832.15027-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/search?l=mid&q=20170613200832.15027-1-gert@greenie.muc.de Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit c3f47077a7756de5929094569421a95aa66f2022)
OpenVPN -- A Secure tunneling daemon Copyright (C) 2002-2010 OpenVPN Technologies, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. ************************************************************************* To get the latest release of OpenVPN, go to: https://openvpn.net/index.php/download/community-downloads.html To Build and Install, tar -zxf openvpn-<version>.tar.gz cd openvpn-<version> ./configure make make install or see the file INSTALL for more info. ************************************************************************* For detailed information on OpenVPN, including examples, see the man page http://openvpn.net/man.html For a sample VPN configuration, see http://openvpn.net/howto.html To report an issue, see https://community.openvpn.net/openvpn/report For a description of OpenVPN's underlying protocol, see the file ssl.h included in the source distribution. ************************************************************************* Other Files & Directories: * INSTALL-win32.txt -- installation instructions for Windows * configure.ac -- script to rebuild our configure script and makefile. * sample/sample-scripts/verify-cn A sample perl script which can be used with OpenVPN's --tls-verify option to provide a customized authentication test on embedded X509 certificate fields. * sample/sample-keys/ Sample RSA keys and certificates. DON'T USE THESE FILES FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE. * sample/sample-config-files/ A collection of OpenVPN config files and scripts from the HOWTO at http://openvpn.net/howto.html ************************************************************************* Note that easy-rsa and tap-windows are now maintained in their own subprojects. Their source code is available here: https://github.com/OpenVPN/easy-rsa https://github.com/OpenVPN/tap-windows The old cross-compilation environment (domake-win) and the Python-based buildsystem have been replaced with openvpn-build: https://github.com/OpenVPN/openvpn-build See the INSTALL file for usage information.