Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
Correct sanity checks on IPv6 packet length in mss_fixup_ipv6(), and change the ASSERT() check in mss_fixup_dowork() into a simple "return" (= the TCP header will simply not be inspected further). CVE-2017-7508 has been assigned due to the serious nature of the bug: it can be used to remotely shutdown an openvpn server or client, if IPv6 and --mssfix are enabled and the IPv6 networks used inside the VPN are known. Found by Guido Vranken <guidovranken@gmail.com>. v2: style changes CVE: 2017-7508 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <20170613200832.15027-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/search?l=mid&q=20170613200832.15027-1-gert@greenie.muc.de Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit c3f4707)
- Loading branch information