diff options
| author | Gert Doering <gert@greenie.muc.de> | 2010-10-21 10:35:29 +0200 |
|---|---|---|
| committer | David Sommerseth <dazo@users.sourceforge.net> | 2010-10-21 20:56:48 +0200 |
| commit | 59afc4a5f72e22b850cfa2845385172623a38e77 (patch) | |
| tree | 1c86fd147e6dee2454952bcea21ef5f9e269c2c9 /route.c | |
| parent | Fixed compiler warnings reported on Ubuntu 10.04 (diff) | |
| download | openvpn-59afc4a5f72e22b850cfa2845385172623a38e77.tar.xz | |
Fix problem with special case route targets ('remote_host')
The init_route() function will leave &netlist untouched for
get_special_addr() routes ("remote_host" being one of them).
netlist is on stack, contains random garbage, and netlist.len
will not be 0 - thus, random stack data is copied from
netlist.data[] until the route_list is full.
This issue has been reported several places lately:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600166
http://thread.gmane.org/gmane.network.openvpn.devel/4083
https://forums.openvpn.net/viewtopic.php?f=1&t=7201&p=8168
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to '')
| -rw-r--r-- | route.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -450,6 +450,8 @@ init_route_list (struct route_list *rl, struct route r; int k; + CLEAR(netlist); /* init_route() will not always init this */ + if (!init_route (&r, &netlist, &opt->routes[i], |