Merge pull request #8 from botify-labs/tasl/SAM-914/create_v2.6.12_ve…

…rsion Create v2.6.12 version
botify-labs · Jul 22, 2024 · c83be5d · c83be5d
2 parents 8ca3df9 + 4f10bb0
commit c83be5d
Show file tree

Hide file tree

Showing 2 changed files with 125 additions and 1 deletion.
diff --git a/debian/rules b/debian/rules
@@ -4,7 +4,7 @@
 	dh $@
 
 override_dh_auto_build:
-	bash debian/bin/build_openvpn.sh 2.6.11
+	bash debian/bin/build_openvpn.sh 2.6.12
 	bash debian/bin/build_go_server.sh
 
 override_dh_strip:

diff --git a/patches/openvpn-v2.6.12-aws.patch b/patches/openvpn-v2.6.12-aws.patch
@@ -0,0 +1,124 @@
+diff 
+--- a/src/openvpn/buffer.h	2024-03-19 22:19:35.000000000 +0100
++++ b/src/openvpn/buffer.h	2024-05-27 11:03:54.097660429 +0200
+@@ -27,7 +27,7 @@
+ #include "basic.h"
+ #include "error.h"
+
+-#define BUF_SIZE_MAX 1000000
++#define BUF_SIZE_MAX 1 << 21
+
+ /*
+  * Define verify_align function, otherwise
+--- a/src/openvpn/common.h	2024-03-19 22:19:35.000000000 +0100
++++ b/src/openvpn/common.h	2024-05-27 11:03:54.097660429 +0200
+@@ -66,7 +66,7 @@
+  * maximum size of a single TLS message (cleartext).
+  * This parameter must be >= PUSH_BUNDLE_SIZE
+  */
+-#define TLS_CHANNEL_BUF_SIZE 2048
++#define TLS_CHANNEL_BUF_SIZE 1 << 18
+
+ /* TLS control buffer minimum size
+  *
+--- a/src/openvpn/error.h	2024-03-19 22:19:35.000000000 +0100
++++ b/src/openvpn/error.h	2024-05-27 11:03:54.101660410 +0200
+@@ -34,7 +34,7 @@
+ #if defined(ENABLE_PKCS11) || defined(ENABLE_MANAGEMENT)
+ #define ERR_BUF_SIZE 10240
+ #else
+-#define ERR_BUF_SIZE 1280
++#define ERR_BUF_SIZE 1 << 18
+ #endif
+
+ struct gc_arena;
+--- a/src/openvpn/manage.c	2024-03-19 22:19:35.000000000 +0100
++++ b/src/openvpn/manage.c	2024-05-27 11:03:54.101660410 +0200
+@@ -2245,7 +2245,7 @@
+     /*
+      * read command line from socket
+      */
+-    unsigned char buf[256];
++    unsigned char buf[MANAGEMENT_SOCKET_READ_BUFFER_SIZE];
+     int len = 0;
+
+ #ifdef TARGET_ANDROID
+@@ -2581,7 +2581,7 @@
+          * Allocate helper objects for command line input and
+          * command output from/to the socket.
+          */
+-        man->connection.in = command_line_new(1024);
++        man->connection.in = command_line_new(COMMAND_LINE_OPTION_BUFFER_SIZE);
+         man->connection.out = buffer_list_new();
+
+         /*
+--- a/src/openvpn/manage.h	2024-03-19 22:19:35.000000000 +0100
++++ b/src/openvpn/manage.h	2024-05-27 11:03:54.101660410 +0200
+@@ -58,6 +58,9 @@
+ #define MANAGEMENT_ECHO_BUFFER_SIZE           100
+ #define MANAGEMENT_STATE_BUFFER_SIZE          100
+
++#define COMMAND_LINE_OPTION_BUFFER_SIZE OPTION_PARM_SIZE
++#define MANAGEMENT_SOCKET_READ_BUFFER_SIZE OPTION_PARM_SIZE
++
+ /*
+  * Management-interface-based deferred authentication
+  */
+--- a/src/openvpn/misc.h	2024-03-19 22:19:35.000000000 +0100
++++ b/src/openvpn/misc.h	2024-05-27 11:03:54.101660410 +0200
+@@ -65,7 +65,10 @@
+ #ifdef ENABLE_PKCS11
+ #define USER_PASS_LEN 4096
+ #else
+-#define USER_PASS_LEN 128
++/*
++ * Increase the username and password length size to 128KB.
++ */
++#define USER_PASS_LEN 1 << 17
+ #endif
+     /* Note that username and password are expected to be null-terminated */
+     char username[USER_PASS_LEN];
+--- a/src/openvpn/options.h	2024-03-19 22:19:35.000000000 +0100
++++ b/src/openvpn/options.h	2024-05-27 11:03:54.101660410 +0200
+@@ -54,8 +54,8 @@
+ /*
+  * Max size of options line and parameter.
+  */
+-#define OPTION_PARM_SIZE 256
+-#define OPTION_LINE_SIZE 256
++#define OPTION_PARM_SIZE USER_PASS_LEN
++#define OPTION_LINE_SIZE OPTION_PARM_SIZE
+
+ extern const char title_string[];
+
+--- a/src/openvpn/ssl.c	2024-03-19 22:19:35.000000000 +0100
++++ b/src/openvpn/ssl.c	2024-05-27 11:03:54.101660410 +0200
+@@ -1936,7 +1936,7 @@
+ static bool
+ write_empty_string(struct buffer *buf)
+ {
+-    if (!buf_write_u16(buf, 0))
++    if (!buf_write_u32(buf, 0))
+     {
+         return false;
+     }
+@@ -1951,7 +1951,7 @@
+     {
+         return false;
+     }
+-    if (!buf_write_u16(buf, len))
++    if (!buf_write_u32(buf, len))
+     {
+         return false;
+     }
+@@ -2291,6 +2291,10 @@
+         p2p_mode_ncp(multi, session);
+     }
+
++    // Write key length in the first 4 octets of the buffer.
++    uint32_t length = BLEN(buf);
++    memcpy(buf->data, &length, sizeof(length));
++
+     return true;
+
+ error: