packages/net/openvpn/patches/103-define-LN_serialNumber-for-wolfSSL.patch
Ivan Pavlov f52f437070 openvpn: update to 2.6.8
This is a bugfix release containing security fixes.

Security Fixes (included in 2.6.7):

CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer
after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer.
All configurations using TLS (e.g. not using --secret) are affected by this issue.

CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration
in some circumstances, leading to a division by zero when --fragment is used.
On platforms where division by zero is fatal, this will cause an OpenVPN crash.

For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.8/Changes.rst

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2023-11-19 12:24:11 -08:00


--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -267,6 +267,9 @@ backend_x509_get_username(char *common_n
return FAILURE;
}
}
+#if defined(ENABLE_CRYPTO_WOLFSSL)
+ #define LN_serialNumber "serialNumber"
+#endif
else if (strcmp(LN_serialNumber, x509_username_field) == 0)
{
ASN1_INTEGER *asn1_i = X509_get_serialNumber(peer_cert);
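Review bot: The `#define LN_serialNumber "serialNumber"` is placed between the closing `}` of the previous branch and the `else if` that uses it, so the preprocessor block splits an if/else chain inside backend_x509_get_username, and the macro stays defined for the rest of the file from that point on. Move it to the top of ssl_verify_openssl.c near the includes, and wrap it in `#ifndef LN_serialNumber` in addition to the `ENABLE_CRYPTO_WOLFSSL` check, so that a wolfSSL compatibility header that later provides the macro does not cause a redefinition. A short comment stating where the string value comes from would also help, because the `strcmp` against x509_username_field depends on its exact spelling.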