From e3241f4f4df89a46ee6930f6ede61f31bfc7f48d Mon Sep 17 00:00:00 2001
From: Davide De Rosa <keeshux@gmail.com>
Date: Sun, 22 Dec 2019 16:27:43 +0100
Subject: [PATCH] Fix potential OOB during negotiation

Reported by @Grivus with SoftEther.

Closes #143
---
 CHANGELOG.md                                             | 6 ++++++
 TunnelKit/Sources/Protocols/OpenVPN/ControlChannel.swift | 6 ++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d5754a0..7fb1f1a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## Unreleased
+
+### Fixed
+
+- Index out of range during negotiation (Grivus). [#143](https://github.com/passepartoutvpn/tunnelkit/pull/143)
+
 ## 2.2.1 (2019-12-14)
 
 ### Fixed
diff --git a/TunnelKit/Sources/Protocols/OpenVPN/ControlChannel.swift b/TunnelKit/Sources/Protocols/OpenVPN/ControlChannel.swift
index 5b544d0..e7ad5e0 100644
--- a/TunnelKit/Sources/Protocols/OpenVPN/ControlChannel.swift
+++ b/TunnelKit/Sources/Protocols/OpenVPN/ControlChannel.swift
@@ -199,10 +199,8 @@ extension OpenVPN {
             }
             
             // drop queued out packets if ack-ed
-            for (i, packet) in queue.outbound.enumerated() {
-                if packetIds.contains(packet.packetId) {
-                    queue.outbound.remove(at: i)
-                }
+            queue.outbound.removeAll {
+                return packetIds.contains($0.packetId)
             }
             
             // remove ack-ed packets from pending