From 77d86701ef8e2c018e627fd2eb6f9abe73026940 Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Wed, 5 Nov 2014 11:15:17 +0100
Subject: Update session id/peer id patch

---
 main/openvpn/config-version.h  |  2 +-
 main/openvpn/src/openvpn/ssl.c | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

(limited to 'main')

diff --git a/main/openvpn/config-version.h b/main/openvpn/config-version.h
index 6e78aeaf..596b4992 100644
--- a/main/openvpn/config-version.h
+++ b/main/openvpn/config-version.h
@@ -1,2 +1,2 @@
-#define CONFIGURE_GIT_REVISION "icsopenvpn_620-df00abd6979b7376"
+#define CONFIGURE_GIT_REVISION "icsopenvpn_620-6cac58f2a5a44e94"
 #define CONFIGURE_GIT_FLAGS ""
diff --git a/main/openvpn/src/openvpn/ssl.c b/main/openvpn/src/openvpn/ssl.c
index 94b7b6d9..f79f42d9 100644
--- a/main/openvpn/src/openvpn/ssl.c
+++ b/main/openvpn/src/openvpn/ssl.c
@@ -2826,7 +2826,17 @@ tls_pre_decrypt (struct tls_multi *multi,
 		  opt->flags &= multi->opt.crypto_flags_and;
 		  opt->flags |= multi->opt.crypto_flags_or;
 
-		  ASSERT (buf_advance (buf, (op == P_DATA_V2) ? 4 : 1));
+		  ASSERT (buf_advance (buf, 1));
+		  if (op == P_DATA_V2)
+		    {
+		      if (buf->len < 4)
+			{
+			  msg (D_TLS_ERRORS, "Protocol error: received P_DATA_V2 from %s but length is < 4",
+				print_link_socket_actual (from, &gc));
+			  goto error;
+			}
+		      ASSERT (buf_advance (buf, 3));
+		    }
 
 		  ++ks->n_packets;
 		  ks->n_bytes += buf->len;
-- 
cgit v1.2.3