diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index c9043014cda..5c1cdcb6d11 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -948,17 +948,21 @@ establish_http_proxy_passthru(struct http_proxy_info *p, } /* send digest response */ - openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s", - username, - realm, - nonce, - uri, - qop, - nonce_count, - cnonce, - response, - opaque_kv - ); + int sret = openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s", + username, + realm, + nonce, + uri, + qop, + nonce_count, + cnonce, + response, + opaque_kv + ); + if (sret >= sizeof(buf)) + { + goto error; + } msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); if (!send_line_crlf(sd, buf)) { diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index d842666ebee..b0469102552 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -109,8 +109,11 @@ socks_username_password_auth(struct socks_proxy_info *p, "Authentication not possible."); goto cleanup; } - openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", (int) strlen(creds.username), - creds.username, (int) strlen(creds.password), creds.password); + int sret = openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", + (int) strlen(creds.username), creds.username, + (int) strlen(creds.password), creds.password); + ASSERT(sret <= sizeof(to_send)); + size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL); if (size != strlen(to_send)) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 4383e98193b..6f29c3d7d1d 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -2069,7 +2069,7 @@ print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen) #endif #ifndef OPENSSL_NO_EC - char groupname[256]; + char groupname[64]; if (is_ec) { size_t len; @@ -2130,7 +2130,7 @@ static void print_cert_details(X509 *cert, char *buf, size_t buflen) { EVP_PKEY *pkey = X509_get_pubkey(cert); - char pkeybuf[128] = { 0 }; + char pkeybuf[64] = { 0 }; print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf)); char sig[128] = { 0 }; diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 975d31fafb5..6ef1c7d618c 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -575,7 +575,7 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx, char metadata_type_str[4] = { 0 }; /* Max value: 255 */ openvpn_snprintf(metadata_type_str, sizeof(metadata_type_str), - "%i", metadata_type); + "%i", (uint8_t) metadata_type); struct env_set *es = env_set_create(NULL); setenv_str(es, "script_type", "tls-crypt-v2-verify"); setenv_str(es, "metadata_type", metadata_type_str); diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 452633c6e3c..d32223cea5b 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -33,6 +33,7 @@ #include #include #include +#include #include @@ -2002,7 +2003,7 @@ RunOpenvpn(LPVOID p) ReturnLastError(pipe, L"malloc"); goto out; } - openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %lu", + openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR, sud.options, svc_pipe); if (!CreateEnvironmentBlock(&user_env, imp_token, FALSE))