oss-sec mailing list archives
OpenVPN hardening patches
From: Sebastian Krahmer <krahmer () suse com>
Date: Wed, 24 Jun 2015 11:46:51 +0200
Hi As required per list policy, I am forwarding the patch that I sent to distros list two weeks ago, as well as to upstream. It is available here: https://bugzilla.suse.com/show_bug.cgi?id=934237 I am still discussing some points with upstream, but most of the issues should have no/little impact; for example the FD_SETSIZE checks are good to have but mostly appear on client side code that should not outrun the fdset; or the _exit() in the assert is in place just to ensure termination in case someone "creates" an non-exit path in the msg(M_FATAL) function by changing the muting-code or alike. I am not requesting any CVEs. Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse com - SuSE Security Team
Current thread:
- OpenVPN hardening patches Sebastian Krahmer (Jun 24)