File: cve-2024-28820.patch

openvpn-auth-ldap 2.0.4-5
  • area: main
  • in suites: forky, sid
  • size: 1,592 kB
  • sloc: ansic: 8,366; objc: 3,799; sh: 2,718; cpp: 594; makefile: 189; xml: 36
file content (17 lines) | stat: -rw-r--r-- 524 bytes
Description: Fix CVE-2024-28820.
Author: Graham Northup <grissess@nexusg.org>
Forwarded: yes
Last-Update: 2024-06-17
---

--- openvpn-auth-ldap-2.0.4.orig/src/openvpn-cr.c
+++ openvpn-auth-ldap-2.0.4/src/openvpn-cr.c
@@ -29,7 +29,7 @@ int extract_openvpn_cr(const char *response, openvpn_response *result, char **er
 	tokenIndexes[0] = response;
 	int tokenCnt = 1;
 	const char *p;
-	for (p = response; *p; ++p) {
+	for (p = response; *p && tokenCnt < 15; ++p) {
 		if (*p == ':')
 			tokenIndexes[tokenCnt++] = p + 1;
 	}
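
Review bot: The bound `tokenCnt < 15` in the loop condition is a bare literal, and the declaration of `tokenIndexes` is outside this hunk, so nothing visible here ties 15 to the array's actual capacity. If `tokenIndexes` is a local array, derive the limit from it (for example `sizeof(tokenIndexes) / sizeof(tokenIndexes[0])`), or use a named constant shared with the declaration, so the two cannot drift apart in a later change. Separately, when the cap is reached the loop simply stops scanning, so after the loop a response with too many ':' separators looks the same as one that ended normally; consider treating that case as a parse failure and returning an error instead of continuing with a truncated token list. A short comment on why the limit exists would also help the next reader of this function.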