)]}'
{"id":"openvpn~1213","triplet_id":"openvpn~master~I09209ccd785cc368b2fcf467a3d211fbd41005c6","project":"openvpn","branch":"master","attention_set":{},"removed_from_attention_set":{"1000003":{"account":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"last_update":"2025-09-24 20:36:35.000000000","reason":"Change was submitted"},"1000001":{"account":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"last_update":"2025-09-24 20:36:35.000000000","reason":"Change was submitted"},"1000008":{"account":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"last_update":"2025-09-24 20:36:35.000000000","reason":"Change was submitted"}},"hashtags":[],"change_id":"I09209ccd785cc368b2fcf467a3d211fbd41005c6","subject":"Validate DNS parameters","status":"MERGED","created":"2025-09-24 13:35:45.000000000","updated":"2025-09-24 20:36:35.000000000","submitted":"2025-09-24 20:36:35.000000000","submitter":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"1213","meta_rev_id":"153f7a223f4c80ead17e4548d8f1735792453fb8","_number":1213,"virtual_id_number":1213,"owner":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"actions":{},"labels":{"Code-Review":{"all":[{"value":0,"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"}],"values":{"-2":"This shall not be submitted","-1":"I would prefer this is not submitted as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, 
approved"},"default_value":0}},"removable_reviewers":[{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."}],"reviewers":{"REVIEWER":[{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"CC":[{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2025-09-24 13:35:46.000000000","updated_by":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"reviewer":{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},"state":"CC"},{"updated":"2025-09-24 13:35:46.000000000","updated_by":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"reviewer":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"state":"REVIEWER"},{"updated":"2025-09-24 13:35:46.000000000","updated_by":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"reviewer":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne 
Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"state":"REVIEWER"},{"updated":"2025-09-24 20:15:45.000000000","updated_by":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"reviewer":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"state":"REVIEWER"}],"messages":[{"id":"32b7d7a63ba4c69ab62561842c8e38b89fa5fb3d","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"date":"2025-09-24 13:35:45.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"6a64090906dd3bb90c76cfd09ca4b6f2d7fd3b09","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2025-09-24 20:15:45.000000000","message":"Patch Set 1: Code-Review+2","accounts_in_message":[],"_revision_number":1},{"id":"153f7a223f4c80ead17e4548d8f1735792453fb8","tag":"autogenerated:gerrit:merged","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2025-09-24 20:36:35.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"3a66045b407321c9d1c096227db164df3955ab40","revisions":{"afc49397fb326197555774ba9c22861485ebe4e2":{"kind":"REWORK","_number":1,"created":"2025-09-24 13:35:45.000000000","uploader":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"ref":"refs/changes/13/1213/1","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/13/1213/1","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/13/1213/1 \u0026\u0026 git 
checkout -b change-1213 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/13/1213/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/13/1213/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/13/1213/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/13/1213/1","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/13/1213/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"9db98baf657c0aa6f56154019c531535d3d16ded","subject":"Make unit tests -Wconversion clean"}],"author":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2025-09-18 09:10:05.000000000","tz":180},"committer":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2025-09-24 13:35:07.000000000","tz":180},"subject":"Validate DNS parameters","message":"Validate DNS parameters\n\nThis adds validation of following DNS options:\n\n --dns search-domains\n --dns server N resolve-domains\n --dns server N sni\n\n --dhcp-option DOMAIN\n --dhcp-option ADAPTER_DOMAIN_SUFFIX\n --dhcp-option DOMAIN-SEARCH\n\nOn Linux (and similar platforms), those options are written to a tmp file,\nwhich is later sourced by a script running as root. Since options are\ncontrolled by the server, it is possible for a malicious server to\nexecute script injection attack by pushing something like\n\n --dns search-domains x;id\n\nin which case \"id\" command will be executed as a root.\n\nOn Windows, the value of DOMAIN/ADAPTER_DOMAIN_SUFFIX is passed to\na powershell script. 
A malicious server could push:\n\n --dhcp-option DOMAIN a\u0027;Restart-Computer\u0027\n\nand if openvpn is not using DHCP (this is the default, with dco-win driver)\nand running without interactive service, that powershell command\nwill be executed.\n\nValidation is performed in a way that value only contains following\nsymbols:\n\n  [A-Za-z0-9.-_\\x80-\\0xff]\n\nReported-By: Stanislav Fort \u003cdisclosure@aisle.com\u003e\nCVE: 2025-10680\nChange-Id: I09209ccd785cc368b2fcf467a3d211fbd41005c6\nSigned-off-by: Lev Stipakov \u003clev@openvpn.net\u003e\n"},"branch":"refs/heads/master"},"3a66045b407321c9d1c096227db164df3955ab40":{"kind":"TRIVIAL_REBASE_WITH_MESSAGE_UPDATE","_number":2,"created":"2025-09-24 20:36:35.000000000","uploader":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"ref":"refs/changes/13/1213/2","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/13/1213/2","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/13/1213/2 \u0026\u0026 git checkout -b change-1213 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/13/1213/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/13/1213/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/13/1213/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/13/1213/2","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/13/1213/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"da1d0064ae590213f0245125d6974850fecaa943","subject":"event: Silence conversion warning in tv_to_ms_timeout"}],"author":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2025-09-24 20:15:56.000000000","tz":120},"committer":{"name":"Gert 
Doering","email":"gert@greenie.muc.de","date":"2025-09-24 20:32:06.000000000","tz":120},"subject":"Validate DNS parameters","message":"Validate DNS parameters\n\nThis adds validation of following DNS options:\n\n --dns search-domains\n --dns server N resolve-domains\n --dns server N sni\n\n --dhcp-option DOMAIN\n --dhcp-option ADAPTER_DOMAIN_SUFFIX\n --dhcp-option DOMAIN-SEARCH\n\nOn Linux (and similar platforms), those options are written to a tmp file,\nwhich is later sourced by a script running as root. Since options are\ncontrolled by the server, it is possible for a malicious server to\nexecute script injection attack by pushing something like\n\n --dns search-domains x;id\n\nin which case \"id\" command will be executed as a root.\n\nOn Windows, the value of DOMAIN/ADAPTER_DOMAIN_SUFFIX is passed to\na powershell script. A malicious server could push:\n\n --dhcp-option DOMAIN a\u0027;Restart-Computer\u0027\n\nand if openvpn is not using DHCP (this is the default, with dco-win driver)\nand running without interactive service, that powershell command will be\nexecuted.\n\nValidation is performed in a way that value only contains following\nsymbols:\n\n  [A-Za-z0-9.-_\\x80-\\0xff]\n\nReported-By: Stanislav Fort \u003cdisclosure@aisle.com\u003e\nCVE: 2025-10680\nChange-Id: I09209ccd785cc368b2fcf467a3d211fbd41005c6\nSigned-off-by: Lev Stipakov \u003clev@openvpn.net\u003e\nAcked-by: Gert Doering \u003cgert@greenie.muc.de\u003e\nGerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1213\nMessage-Id: \u003c20250924201601.25304-1-gert@greenie.muc.de\u003e\nURL: https://sourceforge.net/p/openvpn/mailman/message/59238367/\nSigned-off-by: Gert Doering \u003cgert@greenie.muc.de\u003e\n"},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[],"submit_requirements":[]}
