mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-19 19:42:30 +02:00
Code

Fix snprintf/swnprintf related compiler warnings

Browse Source 
When openvpn_snprintf is replaced by snprintf the GCC/MSVC compiler
will perform additional checks that the result is not truncated.

This warning can be avoid by either explicitly checking the return value
of snprintf (proxy) or ensuring that it is never truncated(tls crypt)

Change-Id: If23988a05dd53a519c5e57f2aa3b2d10bd29df1d
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20240326104101.531291-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28475.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Arne Schwabe 2024-03-26 11:41:01 +01:00 committed by Gert Doering
parent e8c629fe64
commit 6889d9e2f1
5 changed files with 25 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/openvpn/proxy.c
View File

@ -948,17 +948,21 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
}
/* send digest response */
openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s",
username,
realm,
nonce,
uri,
qop,
nonce_count,
cnonce,
response,
opaque_kv
);
int sret = openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s",
username,
realm,
nonce,
uri,
qop,
nonce_count,
cnonce,
response,
opaque_kv
);
if (sret >= sizeof(buf))
{
goto error;
}
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf))
{

7
src/openvpn/socks.c
View File

@ -109,8 +109,11 @@ socks_username_password_auth(struct socks_proxy_info *p,
"Authentication not possible.");
goto cleanup;
}
openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", (int) strlen(creds.username),
creds.username, (int) strlen(creds.password), creds.password);
int sret = openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s",
(int) strlen(creds.username), creds.username,
(int) strlen(creds.password), creds.password);
ASSERT(sret <= sizeof(to_send));
size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL);
if (size != strlen(to_send))

4
src/openvpn/ssl_openssl.c
View File

@ -2069,7 +2069,7 @@ print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
#endif
#ifndef OPENSSL_NO_EC
char groupname[256];
char groupname[64];
if (is_ec)
{
size_t len;
@ -2130,7 +2130,7 @@ static void
print_cert_details(X509 *cert, char *buf, size_t buflen)
{
EVP_PKEY *pkey = X509_get_pubkey(cert);
char pkeybuf[128] = { 0 };
char pkeybuf[64] = { 0 };
print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
char sig[128] = { 0 };

2
src/openvpn/tls_crypt.c
View File

@ -575,7 +575,7 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx,
char metadata_type_str[4] = { 0 }; /* Max value: 255 */
openvpn_snprintf(metadata_type_str, sizeof(metadata_type_str),
"%i", metadata_type);
"%i", (uint8_t) metadata_type);
struct env_set *es = env_set_create(NULL);
setenv_str(es, "script_type", "tls-crypt-v2-verify");
setenv_str(es, "metadata_type", metadata_type_str);

3
src/openvpnserv/interactive.c
View File

@ -33,6 +33,7 @@
#include <sddl.h>
#include <shellapi.h>
#include <mstcpip.h>
#include <inttypes.h>
#include <versionhelpers.h>
@ -2002,7 +2003,7 @@ RunOpenvpn(LPVOID p)
ReturnLastError(pipe, L"malloc");
goto out;
}
openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %lu",
openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR,
sud.options, svc_pipe);
if (!CreateEnvironmentBlock(&user_env, imp_token, FALSE))