Fix check_session_buf_not_used using wrong index
The inner loop used i instead of j when iterating through the buffers.

Since i is always between 0 and 2 and ks->send_reliable->size is
(when it is defined) always 6 (TLS_RELIABLE_N_SEND_BUFFERS) this does not
cause an index out of bounds.  So while the check was not doing anything
really useful with i instead of j, at least it was not crashing or
anything similar.

Noticed-By: Jon Williams (braindead-bf) on Github issue #449
Change-Id: Ia3d5b4946138df322ebcd9e9e77d04328dacbc5d
Signed-off-by: Arne Schwabe <[email protected]>
Acked-by: Frank Lichtenheld <[email protected]>
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg27576.html
Signed-off-by: Gert Doering <[email protected]>
(cherry picked from commit 59551b9)
schwabe authored and cron2 committed Dec 2, 2023
1 parent 3168e1a commit 5def8d9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/openvpn/ssl.c
Expand Up @@ -3210,7 +3210,7 @@ check_session_buf_not_used(struct buffer *to_link, struct tls_session *session)

for (int j = 0; j < ks->send_reliable->size; j++)
{
if (ks->send_reliable->array[i].buf.data == dataptr)
if (ks->send_reliable->array[j].buf.data == dataptr)
{
msg(M_INFO, "Warning buffer of freed TLS session is still in"
" use (session->key[%d].send_reliable->array[%d])",
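Review bot: In the msg() call that follows the corrected comparison, the format string prints two indices (session->key[%d] and array[%d]) but its argument list is cut off by the diff context; confirm it passes i and then j, so the warning does not repeat the i/j mix-up that `ks->send_reliable->array[i].buf.data == dataptr` had. The loop condition also dereferences ks->send_reliable->size with no NULL check visible in this hunk, and the commit message says the size is 6 only "when it is defined", so it is worth verifying that a guard sits above the shown lines. Because the old code compiled and never crashed, a small unit test that puts dataptr into a send_reliable slot with an index above 2 and expects the warning would catch a regression here, and more descriptive loop variable names than i and j would make this kind of slip easier to spot.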