-
Notifications
You must be signed in to change notification settings - Fork 100
/
openvpn-v2.5.1-aws.patch
142 lines (131 loc) · 3.94 KB
/
openvpn-v2.5.1-aws.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 1722ffd5..640564bb 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -27,7 +27,7 @@
#include "basic.h"
#include "error.h"
-#define BUF_SIZE_MAX 1000000
+#define BUF_SIZE_MAX 1 << 21
/*
* Define verify_align function, otherwise
diff --git a/src/openvpn/common.h b/src/openvpn/common.h
index 623b3e0d..ce53f614 100644
--- a/src/openvpn/common.h
+++ b/src/openvpn/common.h
@@ -75,7 +75,7 @@ typedef unsigned long ptr_type;
* maximum size of a single TLS message (cleartext).
* This parameter must be >= PUSH_BUNDLE_SIZE
*/
-#define TLS_CHANNEL_BUF_SIZE 2048
+#define TLS_CHANNEL_BUF_SIZE 1 << 18
/*
* This parameter controls the maximum size of a bundle
diff --git a/src/openvpn/error.h b/src/openvpn/error.h
index eaedf172..782ba30c 100644
--- a/src/openvpn/error.h
+++ b/src/openvpn/error.h
@@ -36,7 +36,10 @@
#ifdef ENABLE_PKCS11
#define ERR_BUF_SIZE 8192
#else
-#define ERR_BUF_SIZE 1280
+/*
+ * Increase the error buffer size to 256 KB.
+ */
+#define ERR_BUF_SIZE 1 << 18
#endif
struct gc_arena;
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index d86b6a79..d979a441 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -2240,7 +2240,7 @@ man_read(struct management *man)
/*
* read command line from socket
*/
- unsigned char buf[256];
+ unsigned char buf[MANAGEMENT_SOCKET_READ_BUFFER_SIZE];
int len = 0;
#ifdef TARGET_ANDROID
@@ -2580,7 +2580,7 @@ man_connection_init(struct management *man)
* Allocate helper objects for command line input and
* command output from/to the socket.
*/
- man->connection.in = command_line_new(1024);
+ man->connection.in = command_line_new(COMMAND_LINE_OPTION_BUFFER_SIZE);
man->connection.out = buffer_list_new(0);
/*
diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h
index 881bfb14..3f12a82a 100644
--- a/src/openvpn/manage.h
+++ b/src/openvpn/manage.h
@@ -37,6 +37,9 @@
#define MANAGEMENT_ECHO_BUFFER_SIZE 100
#define MANAGEMENT_STATE_BUFFER_SIZE 100
+#define COMMAND_LINE_OPTION_BUFFER_SIZE OPTION_PARM_SIZE
+#define MANAGEMENT_SOCKET_READ_BUFFER_SIZE OPTION_PARM_SIZE
+
/*
* Management-interface-based deferred authentication
*/
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index e4342b0d..e3900b7d 100644
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -69,7 +69,10 @@ struct user_pass
#ifdef ENABLE_PKCS11
#define USER_PASS_LEN 4096
#else
-#define USER_PASS_LEN 128
+/*
+ * Increase the username and password length size to 128KB.
+ */
+#define USER_PASS_LEN 1 << 17
#endif
char username[USER_PASS_LEN];
char password[USER_PASS_LEN];
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index 877e9396..c385d135 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -53,8 +53,8 @@
/*
* Max size of options line and parameter.
*/
-#define OPTION_PARM_SIZE 256
-#define OPTION_LINE_SIZE 256
+#define OPTION_PARM_SIZE USER_PASS_LEN
+#define OPTION_LINE_SIZE OPTION_PARM_SIZE
extern const char title_string[];
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index d7494c2b..addb2769 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -2110,7 +2110,7 @@ key_state_soft_reset(struct tls_session *session)
static bool
write_empty_string(struct buffer *buf)
{
- if (!buf_write_u16(buf, 0))
+ if (!buf_write_u32(buf, 0))
{
return false;
}
@@ -2125,7 +2125,7 @@ write_string(struct buffer *buf, const char *str, const int maxlen)
{
return false;
}
- if (!buf_write_u16(buf, len))
+ if (!buf_write_u32(buf, len))
{
return false;
}
@@ -2403,6 +2403,10 @@ key_method_2_write(struct buffer *buf, struct tls_session *session)
}
}
+ // Write key length in the first 4 octets of the buffer.
+ uint32_t length = BLEN(buf);
+ memcpy(buf->data, &length, sizeof(length));
+
return true;
error: