openvpn: String returned from openvpn is not null-terminated
wireshark shows strings returned by OpenVPN management interface as an
aswer to "state" cmd contain no null character at the end. As a
consequence, osmo_strlcpy cannot be used since it calls strlen() on the
source.
Probably previous implementation was harmless because we zero-fill msgb
buffers prior to filling them.
Change-Id: I4356dc08324a6d877c9e8112306570aabbf6e777
diff --git a/src/osysmon_openvpn.c b/src/osysmon_openvpn.c
index d9e38f0..5ca0c83 100644
--- a/src/osysmon_openvpn.c
+++ b/src/osysmon_openvpn.c
@@ -65,9 +65,10 @@
char *tok;
unsigned int i = 0;
uint8_t *m = msgb_data(msg);
+ unsigned int truncated_len = OSMO_MIN(sizeof(tmp) - 1, msgb_length(msg));
- if (msgb_length(msg) > 128)
- OVPN_LOG(msg, vpn, "received message too long (%d > %u), truncating...\n", msgb_length(msg), 128);
+ if (msgb_length(msg) > truncated_len)
+ OVPN_LOG(msg, vpn, "received message too long (%d >= %u), truncating...\n", msgb_length(msg), truncated_len);
if (msgb_length(msg) > 0) {
if (!isdigit(m[0])) /* skip OpenVPN greetings and alike */
@@ -77,7 +78,8 @@
return NULL;
}
- OSMO_STRLCPY_ARRAY(tmp, (char *)m);
+ memcpy(tmp, m, truncated_len);
+ tmp[truncated_len] = '\0';
for (tok = strtok(tmp, ","); tok && i < MAX_RESP_COMPONENTS; tok = strtok(NULL, ",")) {
/* The string format is documented in https://openvpn.net/community-resources/management-interface/ */