diff options
-rw-r--r-- | main/openvpn/config-version.h | 2 | ||||
-rw-r--r-- | main/openvpn/src/openvpn/ssl.c | 12 |
2 files changed, 12 insertions, 2 deletions
diff --git a/main/openvpn/config-version.h b/main/openvpn/config-version.h index 6e78aeaf..596b4992 100644 --- a/main/openvpn/config-version.h +++ b/main/openvpn/config-version.h @@ -1,2 +1,2 @@ -#define CONFIGURE_GIT_REVISION "icsopenvpn_620-df00abd6979b7376" +#define CONFIGURE_GIT_REVISION "icsopenvpn_620-6cac58f2a5a44e94" #define CONFIGURE_GIT_FLAGS "" diff --git a/main/openvpn/src/openvpn/ssl.c b/main/openvpn/src/openvpn/ssl.c index 94b7b6d9..f79f42d9 100644 --- a/main/openvpn/src/openvpn/ssl.c +++ b/main/openvpn/src/openvpn/ssl.c @@ -2826,7 +2826,17 @@ tls_pre_decrypt (struct tls_multi *multi, opt->flags &= multi->opt.crypto_flags_and; opt->flags |= multi->opt.crypto_flags_or; - ASSERT (buf_advance (buf, (op == P_DATA_V2) ? 4 : 1)); + ASSERT (buf_advance (buf, 1)); + if (op == P_DATA_V2) + { + if (buf->len < 4) + { + msg (D_TLS_ERRORS, "Protocol error: received P_DATA_V2 from %s but length is < 4", + print_link_socket_actual (from, &gc)); + goto error; + } + ASSERT (buf_advance (buf, 3)); + } ++ks->n_packets; ks->n_bytes += buf->len; |