Skip to content

Commit

Permalink
Fix check_session_buf_not_used using wrong index
Browse files Browse the repository at this point in the history
The inner loop used i instead of j when iterating through the buffers.

Since i is always between 0 and 2 and ks->send_reliable->size is
(when it is defined) always 6 (TLS_RELIABLE_N_SEND_BUFFERS) this does not
cause an index of out bounds.  So while the check was not doing anything
really useful with i instead of j, at least it was not crashing or
anything similar.

Noticed-By: Jon Williams (braindead-bf) on Github issue #449
Change-Id: Ia3d5b4946138df322ebcd9e9e77d04328dacbc5d
Signed-off-by: Arne Schwabe <[email protected]>
Acked-by: Frank Lichtenheld <[email protected]>
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg27576.html
Signed-off-by: Gert Doering <[email protected]>
  • Loading branch information
schwabe authored and cron2 committed Dec 2, 2023
1 parent 6158228 commit 59551b9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/openvpn/ssl.c
Original file line number Diff line number Diff line change
Expand Up @@ -3207,7 +3207,7 @@ check_session_buf_not_used(struct buffer *to_link, struct tls_session *session)

for (int j = 0; j < ks->send_reliable->size; j++)
{
if (ks->send_reliable->array[i].buf.data == dataptr)
if (ks->send_reliable->array[j].buf.data == dataptr)
{
msg(M_INFO, "Warning buffer of freed TLS session is still in"
" use (session->key[%d].send_reliable->array[%d])",
Expand Down

0 comments on commit 59551b9

Please sign in to comment.