Please sign in to comment.
openssl: fix overflow check for long --tls-cipher option
The length check in tls_ctx_restrict_ciphers() did not check for overflow, which could lead to a stack buffer overflow. This has no real-world impact, because --tls-cipher can only be specified by entities that are allowed to supply config settings. Since those entities can also change --script-security and call scripts and/or plugins, these users already have code execution at the level of the openvpn process. In other words: the attacker would not gain any capabilities. Nevertheless, a nasty bug that we should fix. This bug was discovered and reported to the OpenVPN security team by Guido Vranken. Signed-off-by: Steffan Karger <firstname.lastname@example.org> Acked-by: Gert Doering <email@example.com> Message-Id: <firstname.lastname@example.org> URL: https://email@example.com/msg14716.html Signed-off-by: Gert Doering <firstname.lastname@example.org>
- Loading branch information...