OpenVPN hardening patches

[Sebastian Krahmer <krahmer () suse com>]

Hi

As required per list policy, I am forwarding the patch that
I sent to distros list two weeks ago, as well as to upstream.

It is available here:

https://bugzilla.suse.com/show_bug.cgi?id=934237

I am still discussing some points with upstream, but most of the issues
should have no/little impact; for example the FD_SETSIZE checks are good
to have but mostly appear on client side code that should not outrun
the fdset; or the _exit() in the assert is in place just to ensure
termination in case someone "creates" an non-exit path in the msg(M_FATAL)
function by changing the muting-code or alike.

I am not requesting any CVEs.

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse com - SuSE Security Team