plugin/auth-pam/auth-pam.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---

socket.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

---

openvpn.8 | 1578 789 + 789 - 0 !
1 file changed, 789 insertions(+), 789 deletions(-)

---

sample-config-files/client.conf | 2 1 + 1 - 0 !
sample-config-files/server.conf | 2 1 + 1 - 0 !
sample-config-files/static-home.conf | 2 1 + 1 - 0 !
sample-config-files/static-office.conf | 2 1 + 1 - 0 !
sample-config-files/tls-home.conf | 2 1 + 1 - 0 !
sample-config-files/tls-office.conf | 2 1 + 1 - 0 !
6 files changed, 6 insertions(+), 6 deletions(-)

---

init.c | 77 77 + 0 - 0 !
1 file changed, 77 insertions(+)

---

socket.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---

options.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

---

README.ipv6 | 79 79 + 0 - 0 !
TODO.ipv6 | 30 30 + 0 - 0 !
buffer.c | 17 17 + 0 - 0 !
buffer.h | 5 5 + 0 - 0 !
config.h.in | 3 3 + 0 - 0 !
configure | 77 77 + 0 - 0 !
init.c | 43 26 + 17 - 0 !
manage.c | 10 5 + 5 - 0 !
mroute.c | 60 56 + 4 - 0 !
mtcp.c | 5 5 + 0 - 0 !
multi.c | 38 23 + 15 - 0 !
occ.c | 2 1 + 1 - 0 !
options.c | 102 83 + 19 - 0 !
ps.c | 6 3 + 3 - 0 !
route.c | 24 17 + 7 - 0 !
socket.c | 980 842 + 138 - 0 !
socket.h | 235 204 + 31 - 0 !
socks.c | 18 9 + 9 - 0 !
syshead.h | 7 7 + 0 - 0 !
tun.c | 2 2 + 0 - 0 !
win32.h | 5 4 + 1 - 0 !
21 files changed, 1498 insertions(+), 250 deletions(-)

---

README.eurephia | 24 24 + 0 - 0 !
options.c | 4 4 + 0 - 0 !
ssl.c | 12 12 + 0 - 0 !
3 files changed, 40 insertions(+)

---

ssl.c | 3 2 + 1 - 0 !
ssl.h | 4 2 + 2 - 0 !
2 files changed, 4 insertions(+), 3 deletions(-)

---

openvpn.8 | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---

push.c | 17 17 + 0 - 0 !
1 file changed, 17 insertions(+)

 when the client sends push_requests, it waits until the server
 sends PUSH_REPLY. If the server do not have anything to push to the client
 nothing happens. The client will then regularly send new PUSH_REQUESTS until
 it gets an answer, which results in not completing the connection negotiation.
 This patch makes the server send an empty PUSH_REPLY when it has nothing
 more to push to the client.

route.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---

buffer.h | 8 8 + 0 - 0 !
crypto.c | 20 19 + 1 - 0 !
2 files changed, 27 insertions(+), 1 deletion(-)

---

ssl.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 [patch] drop too-short control channel packets instead of asserting
 out.

This fixes a denial-of-service vulnerability where an authenticated client
could stop the server by triggering a server-side ASSERT().

OpenVPN would previously ASSERT() that control channel packets have a
payload of at least 4 bytes. An authenticated client could trigger this
assert by sending a too-short control channel packet to the server.

Thanks to Dragana Damjanovic for reporting the issue.

This bug has been assigned CVE-2014-8104.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>

sample-keys/ca.crt | 48 32 + 16 - 0 !
sample-keys/ca.key | 67 52 + 15 - 0 !
sample-keys/client.crt | 126 82 + 44 - 0 !
sample-keys/client.key | 43 28 + 15 - 0 !
sample-keys/server.crt | 130 88 + 42 - 0 !
sample-keys/server.key | 43 28 + 15 - 0 !
6 files changed, 310 insertions(+), 147 deletions(-)

---