github
/
openvpn-gui
mirror of https://github.com/OpenVPN/openvpn-gui
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix passing username for CRV1 response 

Escape the username string before passing to management
interface. For other dialogs this is already done.

Move string-escape to a function and process the username
through it.
Also escape space, single quote in addition to double quote
and backslash.

Reported by: Jakob Curdes <jc@info-systems.de>

Signed-off-by: Selva Nair <selva.nair@gmail.com>
pull/484/head
Selva Nair 2022-03-10 14:08:10 -05:00 committed by Gert Doering
parent 9d2e79dc6a
commit 6271d2f674
3 changed files with 56 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
misc.c
View File

@ -161,6 +161,46 @@ out:
return retval;
}
/**
* Escape \ space ' and " in a string
* @param input Pointer to the string to escape
* @returns A newly allocated string containing the result or NULL
* on error. Caller must free it after use.
*/
char *
escape_string(const char *input)
{
char *out = strdup(input);
int len = strlen(out);
const char *esc = "\'\"\\ ";
if (!out)
{
MsgToEventLog(EVENTLOG_ERROR_TYPE, L"Error in escape_string: out of memory");
return NULL;
}
for (int pos = 0; pos < len; ++pos)
{
if (strchr(esc, out[pos]))
{
char *buf = realloc(out, ++len + 1);
if (buf == NULL)
{
free(out);
MsgToEventLog(EVENTLOG_ERROR_TYPE, L"Error in escape_string: out of memory");
return NULL;
}
out = buf;
memmove(out + pos + 1, out + pos, len - pos + 1);
out[pos] = '\\';
pos += 1;
}
}
PrintDebug(L"escape_string: in: '%hs' out: '%hs' len = %d", input, out, len);
return out;
}
/*
* Generate a management command from user input and send it
@ -170,25 +210,19 @@ ManagementCommandFromInput(connection_t *c, LPCSTR fmt, HWND hDlg, int id)
{
BOOL retval = FALSE;
LPSTR input, cmd;
int input_len, cmd_len, pos;
int input_len, cmd_len;
GetDlgItemTextUtf8(hDlg, id, &input, &input_len);
/* Escape input if needed */
for (pos = 0; pos < input_len; ++pos)
char *input_e = escape_string(input);
if (!input_e)
{
if (input[pos] == '\\' || input[pos] == '"')
{
LPSTR buf = realloc(input, ++input_len + 1);
if (buf == NULL)
goto out;
input = buf;
memmove(input + pos + 1, input + pos, input_len - pos + 1);
input[pos] = '\\';
pos += 1;
}
goto out;
}
free(input);
input = input_e;
input_len = strlen(input);
cmd_len = input_len + strlen(fmt);
cmd = malloc(cmd_len);

3
misc.h
View File

@ -86,4 +86,7 @@ GetDlgItemTextUtf8(HWND hDlg, int id, LPSTR* str, int* len);
*/
void set_openssl_env_vars(void);
/* Return escaped copy of a string */
char *escape_string(const char *str);
#endif

10
openvpn.c
View File

@ -733,13 +733,13 @@ GenericPassDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
/* send username */
template = "username \"Auth\" \"%s\"";
fmt = malloc(strlen(template) + strlen(param->user));
char *username = escape_string(param->user);
fmt = malloc(strlen(template) + strlen(username));
if (fmt)
if (fmt && username)
{
sprintf(fmt, template, param->user);
sprintf(fmt, template, username);
ManagementCommand(param->c, fmt, NULL, regular);
free(fmt);
}
else /* no memory? send an emty username and let it error out */
{
@ -747,6 +747,8 @@ GenericPassDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
L"Out of memory: sending a generic username for dynamic CR", false);
ManagementCommand(param->c, "username \"Auth\" \"user\"", NULL, regular);
}
free(fmt);
free(username);
/* password template */
template = "password \"Auth\" \"CRV1::%s::%%s\"";