$OpenBSD: patch-cstp_c,v 1.3 2015/02/17 12:13:57 sthen Exp $

commit 709744176355d935ce727298634a565c78b74f32
Author: Kevin Cernekee <cernekee@gmail.com>
Date:   Sat Feb 7 14:34:39 2015 -0800

    cstp: AC_PKT_DISCONN payload length can be 0
    
    Terminating ocserv while a connection is active can cause uninitialized
    data to be printed to the terminal:
    
        Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
        Received server disconnect: 00 '<bunch of junk chars>'
        Send BYE packet: Server request
        Session terminated by server; exiting.
    
    If we get an AC_PKT_DISCONN message with no payload, just skip printing
    the disconnect reason.

--- cstp.c.orig	Sun Jan 25 23:00:46 2015
+++ cstp.c	Tue Feb 17 11:53:46 2015
@@ -1009,14 +1009,18 @@ int cstp_mainloop(struct openconnect_info *vpninfo, in
 
 		case AC_PKT_DISCONN: {
 			int i;
-			for (i = 1; i < payload_len; i++) {
-				if (!isprint(vpninfo->cstp_pkt->data[i]))
-					vpninfo->cstp_pkt->data[i] = '.';
+			if (payload_len >= 2) {
+				for (i = 1; i < payload_len; i++) {
+					if (!isprint(vpninfo->cstp_pkt->data[i]))
+						vpninfo->cstp_pkt->data[i] = '.';
+				}
+				vpninfo->cstp_pkt->data[payload_len] = 0;
+				vpn_progress(vpninfo, PRG_ERR,
+					     _("Received server disconnect: %02x '%s'\n"),
+					     vpninfo->cstp_pkt->data[0], vpninfo->cstp_pkt->data + 1);
+			} else {
+				vpn_progress(vpninfo, PRG_ERR, _("Received server disconnect\n"));
 			}
-			vpninfo->cstp_pkt->data[payload_len] = 0;
-			vpn_progress(vpninfo, PRG_ERR,
-				     _("Received server disconnect: %02x '%s'\n"),
-				     vpninfo->cstp_pkt->data[0], vpninfo->cstp_pkt->data + 1);
 			vpninfo->quit_reason = "Server request";
 			return -EPIPE;
 		}
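Review bot: The terminator write `vpninfo->cstp_pkt->data[payload_len] = 0;` in the new `payload_len >= 2` branch stores one byte past the server-supplied payload, and nothing in this hunk shows that the packet buffer has room for it. If the receive path does not already guarantee a spare byte, the write can be dropped by printing with a bounded precision: `_("Received server disconnect: %02x '%.*s'\n")`, with `payload_len - 1` (as an int) passed before `vpninfo->cstp_pkt->data + 1`. Separately, a payload of exactly one byte now falls into the `else` branch, so a reason code in `data[0]` that arrives without text is no longer reported. cstp_mainloop begins and ends outside the hunk, so the bound on payload_len may already be enforced earlier in the function.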
