Update for SAML (long username/password) support

src/openvpn/buffer.h

@@ -27,7 +27,7 @@
 #include "basic.h"
 #include "error.h"
 
-#define BUF_SIZE_MAX 1000000
+#define BUF_SIZE_MAX 2097152 // 2^21
 
 /*
  * Define verify_align function, otherwise

src/openvpn/common.h

@@ -66,7 +66,7 @@ typedef unsigned long ptr_type;
  * maximum size of a single TLS message (cleartext).
  * This parameter must be >= PUSH_BUNDLE_SIZE
  */
-#define TLS_CHANNEL_BUF_SIZE 2048
+#define TLS_CHANNEL_BUF_SIZE 262144 // 2^18
 
 /* TLS control buffer minimum size
  *

src/openvpn/error.h

@@ -40,7 +40,10 @@
 #if defined(ENABLE_PKCS11) || defined(ENABLE_MANAGEMENT)
 #define ERR_BUF_SIZE 10240
 #else
-#define ERR_BUF_SIZE 1280
+/*
+ * Increase the error buffer size to 256 KB.
+ */
+#define ERR_BUF_SIZE 262144 // 2^18
 #endif
 
 struct gc_arena;

src/openvpn/manage.c

@@ -2244,7 +2244,7 @@ man_read(struct management *man)
     /*
      * read command line from socket
      */
-    unsigned char buf[256];
+    unsigned char buf[MANAGEMENT_SOCKET_READ_BUFFER_SIZE];
     int len = 0;
 
 #ifdef TARGET_ANDROID
@@ -2580,7 +2580,7 @@ man_connection_init(struct management *man)
          * Allocate helper objects for command line input and
          * command output from/to the socket.
          */
-        man->connection.in = command_line_new(1024);
+        man->connection.in = command_line_new(COMMAND_LINE_OPTION_BUFFER_SIZE);
         man->connection.out = buffer_list_new();
 
         /*

src/openvpn/manage.h

@@ -58,6 +58,9 @@
 #define MANAGEMENT_ECHO_BUFFER_SIZE           100
 #define MANAGEMENT_STATE_BUFFER_SIZE          100
 
+#define COMMAND_LINE_OPTION_BUFFER_SIZE OPTION_PARM_SIZE
+#define MANAGEMENT_SOCKET_READ_BUFFER_SIZE OPTION_PARM_SIZE
+
 /*
  * Management-interface-based deferred authentication
  */

src/openvpn/misc.h

@@ -65,7 +65,10 @@ struct user_pass
 #ifdef ENABLE_PKCS11
 #define USER_PASS_LEN 4096
 #else
-#define USER_PASS_LEN 128
+/*
+ * Increase the username and password length size to 128KB.
+ */
+#define USER_PASS_LEN 131072 // 2^17
 #endif
     /* Note that username and password are expected to be null-terminated */
     char username[USER_PASS_LEN];

src/openvpn/options.h

@@ -54,8 +54,8 @@
 /*
  * Max size of options line and parameter.
  */
-#define OPTION_PARM_SIZE 256
-#define OPTION_LINE_SIZE 256
+#define OPTION_PARM_SIZE USER_PASS_LEN
+#define OPTION_LINE_SIZE OPTION_PARM_SIZE
 
 extern const char title_string[];
 

src/openvpn/ssl.c

@@ -1914,7 +1914,7 @@ key_state_soft_reset(struct tls_session *session)
 static bool
 write_empty_string(struct buffer *buf)
 {
-    if (!buf_write_u16(buf, 0))
+    if (!buf_write_u32(buf, 0))
     {
         return false;
     }
@@ -1929,7 +1929,7 @@ write_string(struct buffer *buf, const char *str, const int maxlen)
     {
         return false;
     }
-    if (!buf_write_u16(buf, len))
+    if (!buf_write_u32(buf, len))
     {
         return false;
     }
@@ -2269,6 +2269,10 @@ key_method_2_write(struct buffer *buf, struct tls_multi *multi, struct tls_sessi
         p2p_mode_ncp(multi, session);
     }
 
+    // Write key length in the first 4 octets of the buffer.
+    uint32_t length = BLEN(buf);
+    memcpy(buf->data, &length, sizeof(length));
+
     return true;
 
 error: