mirror of
https://github.com/OpenVPN/openvpn.git
synced 2026-02-03 20:39:40 -05:00
OpenVPN
e0e0720ac3
When the sender jumps forwards exactly epoch_data_keys_future_count in its epoch key use the housekeeping logic does not handle this correctly and triggers an ASSERT. Change the code to correctly implement the special case when the new epoch key of the sender is the highest valid key epoch in the current window of valid epoch keys for receiving data. Change-Id: Ib581c02a29b974184256a9f4ad0ce15ba5f9db3b Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-By: Max Fillinger <maximilian.fillinger@sentyron.com> Reported-By: Pavel Kohout of Aisle Research <pavel.kohout@aisle.com> Github: closes OpenVPN/openvpn-private-issues#103 CVE: 2025-15497 |
||
|---|---|---|
| .github | ||
| contrib | ||
| debug | ||
| dev-tools | ||
| distro | ||
| doc | ||
| include | ||
| m4 | ||
| sample | ||
| src | ||
| tests | ||
| .clang-format | ||
| .git-blame-ignore-revs | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| .pre-commit-config.yaml | ||
| .svncommitters | ||
| AUTHORS | ||
| ChangeLog | ||
| Changes.rst | ||
| CMakeLists.txt | ||
| CMakePresets.json | ||
| compat.m4 | ||
| config.h.cmake.in | ||
| configure.ac | ||
| CONTRIBUTING.rst | ||
| COPYING | ||
| COPYRIGHT.GPL | ||
| forked-test-driver | ||
| INSTALL | ||
| ltrc.inc | ||
| Makefile.am | ||
| NEWS | ||
| PORTS | ||
| README | ||
| README.awslc | ||
| README.cmake.md | ||
| README.dco.md | ||
| README.ec | ||
| README.mbedtls | ||
| README.wolfssl | ||
| renovate.json | ||
| version.m4 | ||
OpenVPN -- A Secure tunneling daemon Copyright (C) 2002-2022 OpenVPN Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. ************************************************************************* To get the latest release of OpenVPN, go to: https://openvpn.net/community-downloads/ To Build and Install, tar -zxf openvpn-<version>.tar.gz cd openvpn-<version> ./configure make make install or see the file INSTALL for more info. For information on how to build OpenVPN on/for Windows with MinGW or MSVC see README.cmake.md. ************************************************************************* For detailed information on OpenVPN, including examples, see the man page http://openvpn.net/man.html For a sample VPN configuration, see http://openvpn.net/howto.html To report an issue, see https://github.com/OpenVPN/openvpn/issues/new For a description of OpenVPN's underlying protocol, see the file ssl.h included in the source distribution. ************************************************************************* Other Files & Directories: * configure.ac -- script to rebuild our configure script and makefile. * sample/sample-scripts/verify-cn A sample perl script which can be used with OpenVPN's --tls-verify option to provide a customized authentication test on embedded X509 certificate fields. * sample/sample-keys/ Sample RSA keys and certificates. DON'T USE THESE FILES FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE. * sample/sample-config-files/ A collection of OpenVPN config files and scripts from the HOWTO at http://openvpn.net/howto.html ************************************************************************* Note that easy-rsa and tap-windows are now maintained in their own subprojects. Their source code is available here: https://github.com/OpenVPN/easy-rsa https://github.com/OpenVPN/tap-windows6 Community-provided Windows installers (MSI) and Debian packages are built from https://github.com/OpenVPN/openvpn-build See the INSTALL file for usage information.