forked from samm-git/aws-vpn-client
-
Notifications
You must be signed in to change notification settings - Fork 0
/
openvpn-v2.4.9-aws.patch
160 lines (147 loc) · 4.54 KB
/
openvpn-v2.4.9-aws.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
diff --git a/configure.ac b/configure.ac
index 46900281..b48aad56 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1312,9 +1312,10 @@ if test "${enable_werror}" = "yes"; then
CFLAGS="${CFLAGS} -Werror"
fi
-if test "${WIN32}" = "yes"; then
- test -z "${MAN2HTML}" && AC_MSG_ERROR([man2html is required for win32])
-fi
+# Disable the check, as it is only required when PKCS is enabled.
+#if test "${WIN32}" = "yes"; then
+# test -z "${MAN2HTML}" && AC_MSG_ERROR([man2html is required for win32])
+#fi
if test "${enable_plugin_auth_pam}" = "yes"; then
PLUGIN_AUTH_PAM_CFLAGS="${LIBPAM_CFLAGS}"
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index c510c005..d4712b11 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -27,7 +27,7 @@
#include "basic.h"
#include "error.h"
-#define BUF_SIZE_MAX 1000000
+#define BUF_SIZE_MAX 1 << 21
/*
* Define verify_align function, otherwise
diff --git a/src/openvpn/common.h b/src/openvpn/common.h
index 0f732008..02f61152 100644
--- a/src/openvpn/common.h
+++ b/src/openvpn/common.h
@@ -77,7 +77,7 @@ typedef unsigned long ptr_type;
* maximum size of a single TLS message (cleartext).
* This parameter must be >= PUSH_BUNDLE_SIZE
*/
-#define TLS_CHANNEL_BUF_SIZE 2048
+#define TLS_CHANNEL_BUF_SIZE 1 << 18
/*
* This parameter controls the maximum size of a bundle
diff --git a/src/openvpn/error.h b/src/openvpn/error.h
index eaedf172..782ba30c 100644
--- a/src/openvpn/error.h
+++ b/src/openvpn/error.h
@@ -36,7 +36,10 @@
#ifdef ENABLE_PKCS11
#define ERR_BUF_SIZE 8192
#else
-#define ERR_BUF_SIZE 1280
+/*
+ * Increase the error buffer size to 256 KB.
+ */
+#define ERR_BUF_SIZE 1 << 18
#endif
struct gc_arena;
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 61d61ef2..136d4125 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -2159,7 +2159,7 @@ man_read(struct management *man)
/*
* read command line from socket
*/
- unsigned char buf[256];
+ unsigned char buf[MANAGEMENT_SOCKET_READ_BUFFER_SIZE];
int len = 0;
#ifdef TARGET_ANDROID
@@ -2499,7 +2499,7 @@ man_connection_init(struct management *man)
* Allocate helper objects for command line input and
* command output from/to the socket.
*/
- man->connection.in = command_line_new(1024);
+ man->connection.in = command_line_new(COMMAND_LINE_OPTION_BUFFER_SIZE);
man->connection.out = buffer_list_new(0);
/*
diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h
index f286754b..709d271f 100644
--- a/src/openvpn/manage.h
+++ b/src/openvpn/manage.h
@@ -37,6 +37,9 @@
#define MANAGEMENT_ECHO_BUFFER_SIZE 100
#define MANAGEMENT_STATE_BUFFER_SIZE 100
+#define COMMAND_LINE_OPTION_BUFFER_SIZE OPTION_PARM_SIZE
+#define MANAGEMENT_SOCKET_READ_BUFFER_SIZE OPTION_PARM_SIZE
+
/*
* Management-interface-based deferred authentication
*/
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index 8a34f431..27852e81 100644
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -184,7 +184,10 @@ struct user_pass
#ifdef ENABLE_PKCS11
#define USER_PASS_LEN 4096
#else
-#define USER_PASS_LEN 128
+/*
+ * Increase the username and password length size to 128KB.
+ */
+#define USER_PASS_LEN 1 << 17
#endif
char username[USER_PASS_LEN];
char password[USER_PASS_LEN];
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index f3cafeaf..973aa066 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -55,8 +55,8 @@
/*
* Max size of options line and parameter.
*/
-#define OPTION_PARM_SIZE 256
-#define OPTION_LINE_SIZE 256
+#define OPTION_PARM_SIZE USER_PASS_LEN
+#define OPTION_LINE_SIZE OPTION_PARM_SIZE
extern const char title_string[];
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index cf668998..2473671e 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -2157,7 +2157,7 @@ key_state_soft_reset(struct tls_session *session)
static bool
write_empty_string(struct buffer *buf)
{
- if (!buf_write_u16(buf, 0))
+ if (!buf_write_u32(buf, 0))
{
return false;
}
@@ -2172,7 +2172,7 @@ write_string(struct buffer *buf, const char *str, const int maxlen)
{
return false;
}
- if (!buf_write_u16(buf, len))
+ if (!buf_write_u32(buf, len))
{
return false;
}
@@ -2475,6 +2475,10 @@ key_method_2_write(struct buffer *buf, struct tls_session *session)
}
}
+ // Write key length in the first 4 octets of the buffer.
+ uint32_t length = BLEN(buf);
+ memcpy(buf->data, &length, sizeof(length));
+
return true;
error: