Date: Wed, 24 Jun 2015 11:46:51 +0200 From: Sebastian Krahmer <krahmer@...e.com> To: oss-security@...ts.openwall.com Subject: OpenVPN hardening patches Hi As required per list policy, I am forwarding the patch that I sent to distros list two weeks ago, as well as to upstream. It is available here: https://bugzilla.suse.com/show_bug.cgi?id=934237 I am still discussing some points with upstream, but most of the issues should have no/little impact; for example the FD_SETSIZE checks are good to have but mostly appear on client side code that should not outrun the fdset; or the _exit() in the assert is in place just to ensure termination in case someone "creates" an non-exit path in the msg(M_FATAL) function by changing the muting-code or alike. I am not requesting any CVEs. Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@...e.com - SuSE Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ