diff options
| author | Gert Doering <gert@greenie.muc.de> | 2010-10-21 10:35:29 +0200 |
|---|---|---|
| committer | David Sommerseth <dazo@users.sourceforge.net> | 2010-11-04 20:29:53 +0100 |
| commit | b5da875c06d7ea028d32f369873eb700c82d93d4 (patch) | |
| tree | 7b42a8dc511b197694c4b3809d12a53c37b86c94 | |
| parent | 5f866d914c71f010988fd85d5b178f3b8c3e2987 (diff) | |
| download | openvpn-b5da875c06d7ea028d32f369873eb700c82d93d4.tar.gz openvpn-b5da875c06d7ea028d32f369873eb700c82d93d4.tar.xz openvpn-b5da875c06d7ea028d32f369873eb700c82d93d4.zip | |
Fix problem with special case route targets ('remote_host')
The init_route() function will leave &netlist untouched for
get_special_addr() routes ("remote_host" being one of them).
netlist is on stack, contains random garbage, and netlist.len
will not be 0 - thus, random stack data is copied from
netlist.data[] until the route_list is full.
This issue has been reported several places lately:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600166
http://thread.gmane.org/gmane.network.openvpn.devel/4083
https://forums.openvpn.net/viewtopic.php?f=1&t=7201&p=8168
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 59afc4a5f72e22b850cfa2845385172623a38e77)
| -rw-r--r-- | route.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -450,6 +450,8 @@ init_route_list (struct route_list *rl, struct route r; int k; + CLEAR(netlist); /* init_route() will not always init this */ + if (!init_route (&r, &netlist, &opt->routes[i], |