authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-11-01 21:05:04 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-11-01 21:05:04 +0000
commit76a59eae43d2a1d08c6dae855b57625008c44cca (patch)
tree6c438bd05ebb9c7fe48d84c7956c5335fe462d94
parentVERSION 2.1_beta5 (diff)
Merged 2.0.4 changes.
svn merge -r 737:749 $SO/trunk/openvpn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@750 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--ChangeLog16
-rw-r--r--init.c2
-rw-r--r--multi.c3
-rw-r--r--openvpn.h11
-rw-r--r--socket.c12
5 files changed, 29 insertions, 15 deletions
diff --git a/ChangeLog b/ChangeLog
index b7789e5..3259f5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,9 +3,9 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
$Id$
-2005.10.31 -- Version 2.1-beta5
+2005.11.01 -- Version 2.1-beta6
-* Security fix (merged from 2.0.3) -- Affects non-Windows
+* Security fix (merged from 2.0.4) -- Affects non-Windows
OpenVPN clients of version 2.0 or higher which connect to
a malicious or compromised server. A format string
vulnerability in the foreign_option function in options.c
@@ -19,11 +19,13 @@ $Id$
and (c) the client indicates its willingness to accept
pushed options from the server by having "pull" or
"client" in its configuration file (Credit: Vade79).
-* Security fix (merged from 2.0.3) -- Potential DoS vulnerability
- on the server in TCP mode. If the TCP server accept() call
- returns an error status, the resulting exception handler
- may attempt to indirect through a NULL pointer, causing
- a segfault. Affects all OpenVPN 2.0 versions.
+ CVE-2005-3393
+* Security fix -- (merged from 2.0.4) Potential DoS
+ vulnerability on the server in TCP mode. If the TCP
+ server accept() call returns an error status, the resulting
+ exception handler may attempt to indirect through a NULL
+ pointer, causing a segfault. Affects all OpenVPN 2.0 versions.
+ CVE-2005-3409
* Fix attempt of assertion at multi.c:1586 (note that
this precise line number will vary across different
versions of OpenVPN).
diff --git a/init.c b/init.c
index d6c13b2..503e75c 100644
--- a/init.c
+++ b/init.c
@@ -2474,7 +2474,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
else if (child)
crypto_flags = CF_INIT_TLS_MULTI;
do_init_crypto (c, crypto_flags);
- if (IS_SIG (c))
+ if (IS_SIG (c) && !child)
goto sig;
}
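Review bot: The new `!child` term in `if (IS_SIG (c) && !child)` has no comment, so a reader cannot tell why a child context with a signal pending after `do_init_crypto` should keep initializing instead of jumping to `sig`. I would add a comment above the test, for example `/* a pending signal must not abort init of a child context: <reason> */`, with the actual rationale filled in. It is also worth confirming that the code after this point tolerates `IS_SIG (c)` being true for a child, since that path was previously unreachable. `init_instance` starts and continues outside this hunk.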
diff --git a/multi.c b/multi.c
index a425c19..95ea758 100644
--- a/multi.c
+++ b/multi.c
@@ -413,7 +413,8 @@ static void
multi_client_disconnect_script (struct multi_context *m,
struct multi_instance *mi)
{
- if (mi->context.c2.context_auth == CAS_SUCCEEDED || mi->context.c2.context_auth == CAS_PARTIAL)
+ if ((mi->context.c2.context_auth == CAS_SUCCEEDED && mi->connection_established_flag)
+ || mi->context.c2.context_auth == CAS_PARTIAL)
{
multi_client_disconnect_setenv (m, mi);
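Review bot: The two branches of the new condition are gated differently and nothing says why: `CAS_SUCCEEDED` now also needs `mi->connection_established_flag`, while `CAS_PARTIAL` still runs the disconnect script on its own. If that asymmetry is intended, a short comment would keep a later edit from "fixing" it, for example `/* CAS_PARTIAL is only ever set explicitly; CAS_SUCCEEDED is 0 and needs the flag */`. If it is not intended, the flag test should cover both states. The function body continues past the end of the hunk.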
diff --git a/openvpn.h b/openvpn.h
index 318f10d..e635dba 100644
--- a/openvpn.h
+++ b/openvpn.h
@@ -397,12 +397,11 @@ struct context_2
in_addr_t push_ifconfig_local;
in_addr_t push_ifconfig_remote_netmask;
- /* client authentication state */
-# define CAS_UNDEF 0
-# define CAS_SUCCEEDED 1
-# define CAS_PENDING 2
-# define CAS_FAILED 3
-# define CAS_PARTIAL 4 /* at least one client-connect script/plugin
+ /* client authentication state, CAS_SUCCEEDED must be 0 */
+# define CAS_SUCCEEDED 0
+# define CAS_PENDING 1
+# define CAS_FAILED 2
+# define CAS_PARTIAL 3 /* at least one client-connect script/plugin
succeeded while a later one in the chain failed */
int context_auth;
#endif
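Review bot: Dropping `CAS_UNDEF` and renumbering so that `CAS_SUCCEEDED` is 0 makes the zero value of `context_auth` read as "authentication succeeded". That is a fail-open default if `struct context_2` is zero-filled on creation, which this hunk does not show. The comment `CAS_SUCCEEDED must be 0` states the constraint but not the reason or what callers must do about it. I would extend it to say that `context_auth == CAS_SUCCEEDED` alone does not prove a client authenticated and has to be combined with a second indicator, as the multi.c hunk in this commit does. Every other comparison against `CAS_SUCCEEDED` outside this diff should be checked as well. `struct context_2` begins and ends outside the hunk.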
diff --git a/socket.c b/socket.c
index dd98f7c..012158c 100644
--- a/socket.c
+++ b/socket.c
@@ -1115,9 +1115,16 @@ link_socket_init_phase2 (struct link_socket *sock,
struct gc_arena gc = gc_new ();
const char *remote_dynamic = NULL;
bool remote_changed = false;
+ int sig_save = 0;
ASSERT (sock);
+ if (signal_received && *signal_received)
+ {
+ sig_save = *signal_received;
+ *signal_received = 0;
+ }
+
/* initialize buffers */
socket_frame_init (frame, sock);
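Review bot: Clearing `*signal_received` on entry is not explained, and it hides an already pending signal from everything `link_socket_init_phase2` does until `done:`. If any step in the body blocks or retries while polling `signal_received` (not visible in this hunk), a pending shutdown request is held back for that whole time. I would add a comment at the save, for example `/* defer a signal pending on entry so socket init can run; restored at done: */`, and name the signals expected to be pending here. Most of the function body lies outside the hunk.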
@@ -1321,6 +1328,11 @@ link_socket_init_phase2 (struct link_socket *sock,
&gc));
done:
+ if (sig_save && signal_received)
+ {
+ if (!*signal_received)
+ *signal_received = sig_save;
+ }
gc_free (&gc);
}
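Review bot: The restore at `done:` puts `sig_save` back only when `*signal_received` is still 0, so a signal raised inside the function silently replaces the one that was pending on entry. If the deferred signal was a termination request and the body raised a restart-type signal, the termination would be lost; whether that combination can occur depends on code not shown here. Consider keeping the more severe of the two, or add a comment stating that the newer signal wins on purpose. The nested test can also be flattened to `if (sig_save && signal_received && !*signal_received)`.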